Merge lp:~dangarner/xibo/server-layout-media-permissions into lp:xibo/1.3

Proposed by Dan Garner
Status: Merged
Merged at revision: 220
Proposed branch: lp:~dangarner/xibo/server-layout-media-permissions
Merge into: lp:xibo/1.3
Diff against target: 14520 lines (+7237/-5111)
59 files modified
server/install/database/41.sql (+218/-0)
server/lib/app/kit.class.php (+13/-0)
server/lib/app/permissionmanager.class.php (+83/-0)
server/lib/app/responsemanager.class.php (+11/-5)
server/lib/app/translationengine.class.php (+1/-1)
server/lib/data/dataset.data.class.php (+148/-0)
server/lib/data/datasetcolumn.data.class.php (+127/-0)
server/lib/data/datasetdata.data.class.php (+84/-0)
server/lib/data/datasetgroupsecurity.data.class.php (+149/-0)
server/lib/data/layout.data.class.php (+21/-10)
server/lib/data/layoutgroupsecurity.data.class.php (+149/-0)
server/lib/data/layoutmediagroupsecurity.data.class.php (+194/-0)
server/lib/data/layoutregiongroupsecurity.data.class.php (+150/-0)
server/lib/data/media.data.class.php (+9/-11)
server/lib/data/mediagroupsecurity.data.class.php (+188/-0)
server/lib/data/schedule.data.class.php (+2/-0)
server/lib/data/templategroupsecurity.data.class.php (+130/-0)
server/lib/include.php (+1/-0)
server/lib/js/core.js (+12/-3)
server/lib/js/dataset.js (+69/-0)
server/lib/js/layout.js (+3/-3)
server/lib/js/mediamanager.js (+65/-117)
server/lib/modules/module.class.php (+1164/-74)
server/lib/pages/content.class.php (+120/-104)
server/lib/pages/dataset.class.php (+1022/-0)
server/lib/pages/display.class.php (+9/-9)
server/lib/pages/displaygroup.class.php (+1/-1)
server/lib/pages/group.class.php (+1/-1)
server/lib/pages/index.class.php (+1/-1)
server/lib/pages/layout.class.php (+664/-261)
server/lib/pages/mediamanager.class.php (+165/-49)
server/lib/pages/oauth.class.php (+1/-1)
server/lib/pages/region.class.php (+94/-30)
server/lib/pages/schedule.class.php (+109/-15)
server/lib/pages/template.class.php (+225/-50)
server/lib/pages/user.class.php (+66/-111)
server/lib/service/rest.class.php (+3/-6)
server/lib/xmds.inc.php (+1/-0)
server/locale/dbtranslate.php (+1/-0)
server/modules/counter.module.php (+340/-0)
server/modules/embedded.module.php (+70/-32)
server/modules/flash.module.php (+88/-914)
server/modules/image.module.php (+92/-934)
server/modules/microblog.module.php (+55/-14)
server/modules/module_user_general.php (+382/-150)
server/modules/powerpoint.module.php (+88/-914)
server/modules/text.module.php (+313/-273)
server/modules/ticker.module.php (+52/-17)
server/modules/video.module.php (+88/-900)
server/modules/webpage.module.php (+74/-46)
server/template/css/calendar.css (+1/-0)
server/template/css/links.css (+14/-0)
server/template/css/presentation.css (+31/-1)
server/template/css/xibo.css (+7/-2)
server/template/footer.php (+1/-1)
server/template/header.php (+10/-13)
server/template/pages/dataset_view.php (+51/-0)
server/template/pages/layout_edit.php (+1/-0)
server/template/pages/mediamanager.php (+5/-37)
To merge this branch: bzr merge lp:~dangarner/xibo/server-layout-media-permissions
Reviewer Review Type Date Requested Status
Dan Garner Approve
Review via email: mp+72121@code.launchpad.net
Dan Garner (dangarner) :
review: Approve

Preview Diff

1=== modified file 'server/img/forms/background_timeline.png'
2Binary files server/img/forms/background_timeline.png 2008-12-10 23:48:58 +0000 and server/img/forms/background_timeline.png 2011-08-18 23:36:27 +0000 differ
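--- a/server/install/database/41.sql
+++ b/server/install/database/41.sql
@@ -1,3 +1,221 @@
+CREATE TABLE IF NOT EXISTS `lklayoutgroup` (
+ `LkLayoutGroupID` int(11) NOT NULL AUTO_INCREMENT,
+ `LayoutID` int(11) NOT NULL,
+ `GroupID` int(11) NOT NULL,
+ `View` tinyint(4) NOT NULL DEFAULT '0',
+ `Edit` tinyint(4) NOT NULL DEFAULT '0',
+ `Del` tinyint(4) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`LkLayoutGroupID`),
+ KEY `LayoutID` (`LayoutID`),
+ KEY `GroupID` (`GroupID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `lklayoutgroup`
+ ADD CONSTRAINT `lklayoutgroup_ibfk_2` FOREIGN KEY (`GroupID`) REFERENCES `group` (`groupID`),
+ ADD CONSTRAINT `lklayoutgroup_ibfk_1` FOREIGN KEY (`LayoutID`) REFERENCES `layout` (`layoutID`);
+
+ALTER TABLE `group` ADD `IsEveryone` TINYINT NOT NULL DEFAULT '0';
+
+INSERT INTO `group` (
+`groupID` ,
+`group` ,
+`IsUserSpecific` ,
+`IsEveryone`
+)
+VALUES (
+NULL , 'Everyone', '0', '1'
+);
+
+CREATE TABLE IF NOT EXISTS `lkmediagroup` (
+ `LkMediaGroupID` int(11) NOT NULL AUTO_INCREMENT,
+ `MediaID` int(11) NOT NULL,
+ `GroupID` int(11) NOT NULL,
+ `View` tinyint(4) NOT NULL DEFAULT '0',
+ `Edit` tinyint(4) NOT NULL DEFAULT '0',
+ `Del` tinyint(4) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`LkMediaGroupID`),
+ KEY `MediaID` (`MediaID`),
+ KEY `GroupID` (`GroupID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `lkmediagroup`
+ ADD CONSTRAINT `lkmediagroup_ibfk_2` FOREIGN KEY (`GroupID`) REFERENCES `group` (`groupID`),
+ ADD CONSTRAINT `lkmediagroup_ibfk_1` FOREIGN KEY (`MediaID`) REFERENCES `media` (`MediaID`);
+
+CREATE TABLE IF NOT EXISTS `lklayoutmediagroup` (
+ `LkLayoutMediaGroup` int(11) NOT NULL AUTO_INCREMENT,
+ `LayoutID` int(11) NOT NULL,
+ `RegionID` varchar(50) NOT NULL,
+ `MediaID` varchar(50) NOT NULL,
+ `GroupID` int(11) NOT NULL,
+ `View` tinyint(4) NOT NULL DEFAULT '0',
+ `Edit` tinyint(4) NOT NULL DEFAULT '0',
+ `Del` tinyint(4) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`LkLayoutMediaGroup`),
+ KEY `LayoutID` (`LayoutID`),
+ KEY `GroupID` (`GroupID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `lklayoutmediagroup`
+ ADD CONSTRAINT `lklayoutmediagroup_ibfk_2` FOREIGN KEY (`GroupID`) REFERENCES `group` (`groupID`),
+ ADD CONSTRAINT `lklayoutmediagroup_ibfk_1` FOREIGN KEY (`LayoutID`) REFERENCES `layout` (`layoutID`);
+
+CREATE TABLE IF NOT EXISTS `lktemplategroup` (
+ `LkTemplateGroupID` int(11) NOT NULL AUTO_INCREMENT,
+ `TemplateID` int(11) NOT NULL,
+ `GroupID` int(11) NOT NULL,
+ `View` tinyint(4) NOT NULL DEFAULT '0',
+ `Edit` tinyint(4) NOT NULL DEFAULT '0',
+ `Del` tinyint(4) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`LkTemplateGroupID`),
+ KEY `TemplateID` (`TemplateID`),
+ KEY `GroupID` (`GroupID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `lktemplategroup`
+ ADD CONSTRAINT `lktemplategroup_ibfk_2` FOREIGN KEY (`GroupID`) REFERENCES `group` (`groupID`),
+ ADD CONSTRAINT `lktemplategroup_ibfk_1` FOREIGN KEY (`TemplateID`) REFERENCES `template` (`TemplateID`);
+
+ALTER TABLE `layout` DROP `permissionID`;
+
+ALTER TABLE `media` DROP FOREIGN KEY `media_ibfk_1` ;
+ALTER TABLE `media` DROP `permissionID`;
+
+ALTER TABLE `template` DROP FOREIGN KEY `template_ibfk_2` ;
+ALTER TABLE `template` DROP `permissionID`;
+
+DROP TABLE `permission`;
+
+CREATE TABLE IF NOT EXISTS `lklayoutregiongroup` (
+ `LkLayoutRegionGroup` int(11) NOT NULL AUTO_INCREMENT,
+ `LayoutID` int(11) NOT NULL,
+ `RegionID` varchar(50) NOT NULL,
+ `GroupID` int(11) NOT NULL,
+ `View` tinyint(4) NOT NULL DEFAULT '0',
+ `Edit` tinyint(4) NOT NULL DEFAULT '0',
+ `Del` tinyint(4) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`LkLayoutRegionGroup`),
+ KEY `LayoutID` (`LayoutID`),
+ KEY `GroupID` (`GroupID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `lklayoutregiongroup`
+ ADD CONSTRAINT `lklayoutregiongroup_ibfk_2` FOREIGN KEY (`GroupID`) REFERENCES `group` (`groupID`),
+ ADD CONSTRAINT `lklayoutregiongroup_ibfk_1` FOREIGN KEY (`LayoutID`) REFERENCES `layout` (`layoutID`);
+
+INSERT INTO lktemplategroup (TemplateID, GroupID, View)
+SELECT TemplateID, GroupId, 1
+ FROM template
+ CROSS JOIN (SELECT GroupID, `Group` FROM `group` WHERE IsEveryone = 1) `group`
+ WHERE IsSystem = 1;
+
+INSERT INTO `setting` (
+`settingid` ,
+`setting` ,
+`value` ,
+`type` ,
+`helptext` ,
+`options` ,
+`cat` ,
+`userChange`
+)
+VALUES (
+NULL , 'REGION_OPTIONS_COLOURING', 'media', 'dropdown', NULL , 'Media Colouring|Permissions Colouring', 'permissions', '1'
+);
+
+UPDATE `setting` SET `setting` = 'LAYOUT_DEFAULT',
+`helptext` = 'New layouts will be created with these settings. If public everyone will be able to view and use this layout.' WHERE `setting`.`settingid` =2 LIMIT 1 ;
+
+UPDATE `setting` SET `setting` = 'MEDIA_DEFAULT',
+`helptext` = 'Media will be created with these settings. If public everyone will be able to view and use this media.' WHERE `setting`.`settingid` =1 LIMIT 1 ;
+
+INSERT INTO `pages` (`name`, `pagegroupID`) VALUES
+('help', 2),
+('clock', 2);
+
+INSERT INTO `module` (
+`ModuleID` ,
+`Module` ,
+`Enabled` ,
+`RegionSpecific` ,
+`Description` ,
+`ImageUri` ,
+`SchemaVersion` ,
+`ValidExtensions`
+)
+VALUES (
+NULL , 'Counter', '1', '1', 'Customer Counter connected to a Remote Control', 'img/forms/webpage.gif', '1', NULL
+);
+
+INSERT INTO `pagegroup` (
+`pagegroupID` ,
+`pagegroup`
+)
+VALUES (
+NULL , 'DataSets'
+);
+
+INSERT INTO `pages` (`name`, `pagegroupID`)
+SELECT 'dataset', pagegroupID
+ FROM pagegroup
+ WHERE pagegroup = 'DataSets';
+
+INSERT INTO `menuitem` (`menuID`, `pageID`, `Text`, `sequence`)
+SELECT '4', pageID, 'DataSets', '6'
+ FROM pages
+ WHERE `name` = 'dataset';
+
+CREATE TABLE IF NOT EXISTS `dataset` (
+ `DataSetID` int(11) NOT NULL AUTO_INCREMENT,
+ `DataSet` varchar(50) NOT NULL,
+ `Description` varchar(254) DEFAULT NULL,
+ `UserID` int(11) NOT NULL,
+ PRIMARY KEY (`DataSetID`),
+ KEY `UserID` (`UserID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+CREATE TABLE IF NOT EXISTS `datasetcolumn` (
+ `DataSetColumnID` int(11) NOT NULL AUTO_INCREMENT,
+ `DataSetID` int(11) NOT NULL,
+ `Heading` varchar(50) NOT NULL,
+ `DataTypeID` smallint(6) NOT NULL,
+ `ListContent` varchar(255) DEFAULT NULL,
+ `ColumnOrder` smallint(6) NOT NULL,
+ PRIMARY KEY (`DataSetColumnID`),
+ KEY `DataSetID` (`DataSetID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `datasetcolumn`
+ ADD CONSTRAINT `datasetcolumn_ibfk_1` FOREIGN KEY (`DataSetID`) REFERENCES `dataset` (`DataSetID`);
+
+CREATE TABLE IF NOT EXISTS `datasetdata` (
+ `DataSetDataID` int(11) NOT NULL AUTO_INCREMENT,
+ `DataSetColumnID` int(11) NOT NULL,
+ `RowNumber` int(11) NOT NULL,
+ `Value` varchar(255) NOT NULL,
+ PRIMARY KEY (`DataSetDataID`),
+ KEY `DataColumnID` (`DataSetColumnID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `datasetdata`
+ ADD CONSTRAINT `datasetdata_ibfk_1` FOREIGN KEY (`DataSetColumnID`) REFERENCES `datasetcolumn` (`DataSetColumnID`);
+
+CREATE TABLE IF NOT EXISTS `lkdatasetgroup` (
+ `LkDataSetGroupID` int(11) NOT NULL AUTO_INCREMENT,
+ `DataSetID` int(11) NOT NULL,
+ `GroupID` int(11) NOT NULL,
+ `View` tinyint(4) NOT NULL DEFAULT '0',
+ `Edit` tinyint(4) NOT NULL DEFAULT '0',
+ `Del` tinyint(4) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`LkDataSetGroupID`),
+ KEY `DataSetID` (`DataSetID`),
+ KEY `GroupID` (`GroupID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `lkdatasetgroup`
+ ADD CONSTRAINT `lkdatasetgroup_ibfk_2` FOREIGN KEY (`GroupID`) REFERENCES `group` (`groupID`),
+ ADD CONSTRAINT `lkdatasetgroup_ibfk_1` FOREIGN KEY (`DataSetID`) REFERENCES `dataset` (`DataSetID`);
+
 
 
 UPDATE `version` SET `app_ver` = '1.3.0', `XmdsVersion` = 2;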
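Review bot: None of the new link tables (`lklayoutgroup`, `lkmediagroup`, `lklayoutmediagroup`, `lktemplategroup`, `lklayoutregiongroup`, `lkdatasetgroup`) constrains the object/group pair to be unique, so one group can be linked to the same object several times with different View/Edit/Del values, and the effective permission then depends on how the reading query combines the rows. A `UNIQUE KEY` on the pair in each table, e.g. `UNIQUE KEY (LayoutID, GroupID)` on `lklayoutgroup`, would make each grant unambiguous. The `Everyone` insert is also unguarded, while `LinkEveryone` in this merge selects `WHERE IsEveryone = 1` and expects a single row, so a re-run of this script would leave the choice of group undefined. Separately, `permissionID` and the `permission` table are dropped and only system templates are re-granted to Everyone, so existing sharing on layouts, media and user templates appears to be discarded on upgrade; that should be stated in the upgrade notes or migrated into the new tables.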
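--- a/server/lib/app/kit.class.php
+++ b/server/lib/app/kit.class.php
@@ -490,5 +490,18 @@
 return mail($to, $subject, $message, $headers);
 }
 
+ public static function SelectList($listName, $listValues, $idColumn, $nameColumn, $selectedId = '', $callBack = '')
+ {
+ $list = '<select name="' . $listName . '" id="' . $listName . '"' . $callBack . '>';
+
+ foreach ($listValues as $listItem)
+ {
+ $list .= '<option value="' . $listItem[$idColumn] . '" ' . (($listItem[$idColumn] == $selectedId) ? 'selected' : '') . '>' . $listItem[$nameColumn] . '</option>';
+ }
+
+ $list .= '</select>';
+
+ return $list;
+ }
 }
 ?>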
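Review bot: SelectList concatenates `$listItem[$idColumn]` and `$listItem[$nameColumn]` into the markup without HTML-escaping, so any list built from user-editable names (groups, datasets, layouts) can carry markup into every form that renders it. Escape at the point of output, e.g. `htmlspecialchars($listItem[$nameColumn], ENT_QUOTES, 'UTF-8')`, and do the same for the option value and for `$listName`. `$callBack` is spliced in as raw attribute text, which is acceptable only if it is always a server-side constant; a docblock on the method should say so. The `==` against the default `$selectedId = ''` is loose as well, so an item whose id is `0` may be marked selected when no selection was passed, depending on the PHP version.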
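--- a/server/lib/app/permissionmanager.class.php
+++ b/server/lib/app/permissionmanager.class.php
@@ -0,0 +1,83 @@
+<?php
+/*
+ * Xibo - Digitial Signage - http://www.xibo.org.uk
+ * Copyright (C) 2011 Daniel Garner
+ *
+ * This file is part of Xibo.
+ *
+ * Xibo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Xibo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
+ */
+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
+
+class PermissionManager
+{
+ private $db;
+ private $user;
+
+ public $ownerId;
+
+ public $view;
+ public $edit;
+ public $del;
+ public $modifyPermissions;
+
+ /**
+ * Constructs the Module Manager.
+ * @return
+ * @param $db Object
+ * @param $user Object
+ */
+ public function __construct(database $db, User $user)
+ {
+ $this->db =& $db;
+ $this->user =& $user;
+
+ $this->view = false;
+ $this->edit = false;
+ $this->del = false;
+ $this->modifyPermissions = false;
+ }
+
+ public function Evaluate($ownerId, $view, $edit, $del)
+ {
+ $user =& $this->user;
+
+ $this->ownerId = $ownerId;
+ $this->view = $view;
+ $this->edit = $edit;
+ $this->del = $del;
+
+ // Basic checks first
+ if ($this->user->usertypeid == 1 || $ownerId == $user->userid)
+ {
+ // Super admin or owner, therefore permission granted to everything
+ $this->FullAccess();
+ }
+ else if ($this->user->usertypeid == 2 && $this->view == 1)
+ {
+ // Group Admin and we have view permissions (i.e. this group is assigned to this item)
+ $this->view = true;
+ $this->edit = true;
+ $this->del = true;
+ }
+ }
+
+ public function FullAccess()
+ {
+ $this->view = true;
+ $this->edit = true;
+ $this->del = true;
+ $this->modifyPermissions = true;
+ }
+}
\ No newline at end of file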
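Review bot: The owner test in Evaluate, `$ownerId == $user->userid`, is a loose comparison, so an item whose owner is unset (null, '' or 0) matches a user object whose userid is also unset or 0 and falls into FullAccess(), which includes modifyPermissions. Cast and compare strictly, e.g. `$ownerId = (int) $ownerId;` followed by `$ownerId > 0 && $ownerId === (int) $user->userid`, assuming real user ids are positive. The group-admin branch promotes a view-only grant to edit and delete for any user of type 2 and ignores the stored Edit/Del flags; if that is the intended policy, Evaluate needs a docblock stating it, because it is the opposite of what the per-group flags suggest. In every other case `view`, `edit` and `del` keep whatever type the caller passed rather than the booleans the constructor sets, and the constructor docblock still reads "Constructs the Module Manager".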
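--- a/server/lib/app/responsemanager.class.php
+++ b/server/lib/app/responsemanager.class.php
@@ -45,20 +45,25 @@
 public $refresh;
 public $refreshLocation;
 public $focusInFirstInput;
+ public $appendHiddenSubmit;
 
 public $login;
 public $clockUpdate;
+
+ public $uniqueReference;
 
 public function __construct()
 {
 // Determine if this is an AJAX call or not
- $this->ajax = Kit::GetParam('ajax', _REQUEST, _BOOL, false);
+ $this->ajax = Kit::GetParam('ajax', _REQUEST, _BOOL, false);
 
 // Assume success
- $this->success = true;
- $this->clockUpdate = false;
- $this->focusInFirstInput = true;
- $this->buttons = '';
+ $this->success = true;
+ $this->clockUpdate = false;
+ $this->focusInFirstInput = true;
+ $this->appendHiddenSubmit = true;
+ $this->uniqueReference = '';
+ $this->buttons = '';
 
 return true;
 }
@@ -212,6 +217,7 @@
 // General
 $response['html'] = $this->html;
 $response['buttons'] = $this->buttons;
+ $response['uniqueReference'] = $this->uniqueReference;
 
 $response['success'] = $this->success;
 $response['callBack'] = $this->callBack;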
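--- a/server/lib/app/translationengine.class.php
+++ b/server/lib/app/translationengine.class.php
@@ -75,7 +75,7 @@
 {
 // Remove any quality rating (as we aren't interested)
 $rawLang = explode(';', $lang);
- $lang = $rawLang[0];
+ $lang = str_replace("-", "_", $rawLang[0]);
 
 if (in_array($lang . '.mo', $supportedLangs))
 {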
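--- a/server/lib/data/dataset.data.class.php
+++ b/server/lib/data/dataset.data.class.php
@@ -0,0 +1,148 @@
+<?php
+/*
+ * Xibo - Digitial Signage - http://www.xibo.org.uk
+ * Copyright (C) 2011 Daniel Garner
+ *
+ * This file is part of Xibo.
+ *
+ * Xibo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Xibo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
+ */
+defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
+
+class DataSet extends Data
+{
+ /**
+ * Add a data set
+ * @param <type> $dataSet
+ * @param <type> $description
+ * @param <type> $userId
+ * @return <type>
+ */
+ public function Add($dataSet, $description, $userId)
+ {
+ $db =& $this->db;
+
+ // Validation
+ if (strlen($dataSet) > 50 || strlen($dataSet) < 1)
+ {
+ $this->SetError(25001, __("Name must be between 1 and 50 characters"));
+ return false;
+ }
+
+ if (strlen($description) > 254)
+ {
+ $this->SetError(25002, __("Description can not be longer than 254 characters"));
+ return false;
+ }
+
+ // Ensure there are no layouts with the same name
+ $SQL = sprintf("SELECT DataSet FROM dataset WHERE DataSet = '%s' ", $dataSet);
+
+ if ($db->GetSingleRow($SQL))
+ {
+ trigger_error($db->error());
+ $this->SetError(25004, sprintf(__("There is already dataset called '%s'. Please choose another name."), $dataSet));
+ return false;
+ }
+ // End Validation
+
+ $SQL = "INSERT INTO dataset (DataSet, Description, UserID) ";
+ $SQL .= " VALUES ('%s', '%s', %d) ";
+
+ if (!$id = $db->insert_query(sprintf($SQL, $dataSet, $description, $userId)))
+ {
+ trigger_error($db->error());
+ $this->SetError(25005, __('Could not add DataSet'));
+
+ return false;
+ }
+
+ Debug::LogEntry($db, 'audit', 'Complete', 'DataSet', 'Add');
+
+ return $id;
+ }
+
+ /**
+ * Edit a DataSet
+ * @param <type> $dataSetId
+ * @param <type> $dataSet
+ * @param <type> $description
+ */
+ public function Edit($dataSetId, $dataSet, $description)
+ {
+ $db =& $this->db;
+
+ // Validation
+ if (strlen($dataSet) > 50 || strlen($dataSet) < 1)
+ {
+ $this->SetError(25001, __("Name must be between 1 and 50 characters"));
+ return false;
+ }
+
+ if (strlen($description) > 254)
+ {
+ $this->SetError(25002, __("Description can not be longer than 254 characters"));
+ return false;
+ }
+
+ // Ensure there are no layouts with the same name
+ $SQL = sprintf("SELECT DataSet FROM dataset WHERE DataSet = '%s' AND DataSetID <> %d ", $dataSet, $dataSetId);
+
+ if ($db->GetSingleRow($SQL))
+ {
+ trigger_error($db->error());
+ $this->SetError(25004, sprintf(__("There is already a dataset called '%s'. Please choose another name."), $dataSet));
+ return false;
+ }
+ // End Validation
+
+ $SQL = "UPDATE dataset SET DataSet = '%s', Description = '%s' WHERE DataSetID = %d ";
+ $SQL = sprintf($SQL, $dataSet, $description, $dataSetId);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ $this->SetError(25005, sprintf(__('Cannot edit dataset %s'), $dataSet));
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Delete DataSet
+ * @param <type> $dataSetId
+ */
+ public function Delete($dataSetId)
+ {
+ $db =& $this->db;
+
+ Kit::ClassLoader('datasetgroupsecurity');
+ $security = new DataSetGroupSecurity($db);
+ $security->UnlinkAll($dataSetId);
+
+ $SQL = "DELETE FROM dataset WHERE DataSetID = %d";
+ $SQL = sprintf($SQL, $dataSetId);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ $this->SetError(25005, __('Cannot delete dataset'));
+ return false;
+ }
+
+ return true;
+ }
+}
+?>
\ No newline at end of file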
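Review bot: Add and Edit place `$dataSet` and `$description` inside `'%s'` with sprintf and no escaping at the point of query construction, so these queries are injectable unless every caller has already escaped the values, which this file neither shows nor documents; the same pattern appears in DataSetColumn::Add/Edit (`$heading`, `$listContent`) and DataSetData::Add/Edit (`$value`) in this merge. The data class should escape each string with the database wrapper's escaping routine immediately before formatting, or use prepared statements, and should not depend on upstream sanitisation. In the duplicate-name branch of both methods, `trigger_error($db->error())` runs after a successful lookup, so it logs an empty or stale database error and should be removed there. Delete ignores the return value of `UnlinkAll()` and removes no `datasetcolumn` rows, which the foreign key added in 41.sql will reject once the dataset has columns.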
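--- a/server/lib/data/datasetcolumn.data.class.php
+++ b/server/lib/data/datasetcolumn.data.class.php
@@ -0,0 +1,127 @@
+<?php
+/*
+ * Xibo - Digitial Signage - http://www.xibo.org.uk
+ * Copyright (C) 2011 Daniel Garner
+ *
+ * This file is part of Xibo.
+ *
+ * Xibo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Xibo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
+ */
+defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
+
+class DataSetColumn extends Data
+{
+ public function Add($dataSetId, $heading, $dataTypeId, $listContent, $columnOrder = '')
+ {
+ $db =& $this->db;
+
+ // Is the column order provided?
+ if ($columnOrder == '')
+ {
+ $SQL = "";
+ $SQL .= "SELECT IFNULL(MAX(ColumnOrder), 1) AS ColumnOrder ";
+ $SQL .= " FROM datasetcolumn ";
+ $SQL .= sprintf("WHERE datasetID = %d ", $dataSetId);
+
+ if (!$columnOrder = $db->GetSingleValue($SQL, 'ColumnOrder', _INT))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not determine the Column Order'));
+ }
+ }
+
+ $SQL = "INSERT INTO datasetcolumn (DataSetID, Heading, DataTypeID, ListContent, ColumnOrder) ";
+ $SQL .= " VALUES (%d, '%s', %d, '%s', %d) ";
+ $SQL = sprintf($SQL, $dataSetId, $heading, $dataTypeId, $listContent, $columnOrder);
+
+ if (!$id = $db->insert_query($SQL))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not add DataSet Column'));
+ }
+
+ Debug::LogEntry($db, 'audit', 'Complete', 'DataSetColumn', 'Add');
+
+ return $id;
+ }
+
+ public function Edit($dataSetColumnId, $heading, $dataTypeId, $listContent, $columnOrder)
+ {
+ $db =& $this->db;
+
+ // Validation
+ if ($listContent != '')
+ {
+ $list = explode(',', $listContent);
+
+ // We can check this is valid by building up a NOT IN sql statement, if we get results.. we know its not good
+ $select = '';
+
+ for ($i=0; $i < count($list); $i++)
+ {
+ $list_val = $list[$i];
+ $select .= "'$list_val',";
+ }
+
+ $select = rtrim($select, ',');
+
+ $SQL = sprintf("SELECT DataSetDataID FROM datasetdata WHERE DataColumnID = %d AND Value NOT IN (%s)", $dataSetColumnId, $select);
+
+ if (!$results = $db->query($SQL))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not edit DataSet Column'));
+ }
+
+ if ($db->num_rows($results) > 0)
+ return $this->SetError(25005, __('New list content value is invalid as it doesnt include values for existing data'));
+ }
+
+ $SQL = "UPDATE datasetcolumn SET Heading = '%s', ListContent = '%s', ColumnOrder = %d ";
+ $SQL .= " WHERE DataSetColumnID = %d";
+
+ $SQL = sprintf($SQL, $heading, $listContent, $columnOrder, $dataSetColumnId);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not edit DataSet Column'));
+ }
+
+ Debug::LogEntry($db, 'audit', 'Complete', 'DataSetColumn', 'Edit');
+
+ return true;
+ }
+
+ public function Delete($dataSetColumnId)
+ {
+ $db =& $this->db;
+
+ $SQL = "DELETE FROM datasetcolumn ";
+ $SQL .= " WHERE DataSetColumnID = %d";
+
+ $SQL = sprintf($SQL, $dataSetColumnId);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not delete DataSet Column'));
+ }
+
+ Debug::LogEntry($db, 'audit', 'Complete', 'DataSetColumn', 'Delete');
+
+ return true;
+ }
+}
+?>
\ No newline at end of file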
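Review bot: The list-content check in Edit builds its `NOT IN (...)` clause by wrapping each comma-separated piece of `$listContent` in quotes with `"'$list_val',"` and no escaping, so a single quote in any list value changes the structure of the statement; each value must be escaped before it is quoted. The same query filters on `DataColumnID`, but 41.sql names the column `DataSetColumnID` (`DataColumnID` is only the index name), so as written the check can only fail and Edit rejects every non-empty list; the clause should read `WHERE DataSetColumnID = %d AND Value NOT IN (%s)`. In Add, `IFNULL(MAX(ColumnOrder), 1)` returns the current maximum rather than the next position, so a new column shares its order with the last one, and the `!$columnOrder = ...` test treats a legitimate 0 as a failure. Edit accepts `$dataTypeId` but never writes it, which should either be documented as deliberate or fixed.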
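--- a/server/lib/data/datasetdata.data.class.php
+++ b/server/lib/data/datasetdata.data.class.php
@@ -0,0 +1,84 @@
+<?php
+/*
+ * Xibo - Digitial Signage - http://www.xibo.org.uk
+ * Copyright (C) 2011 Daniel Garner
+ *
+ * This file is part of Xibo.
+ *
+ * Xibo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Xibo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
+ */
+defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
+
+class DataSetData extends Data
+{
+ public function Add($dataSetColumnId, $rowNumber, $value)
+ {
+ $db =& $this->db;
+
+ $SQL = "INSERT INTO datasetdata (DataSetColumnID, RowNumber, Value) ";
+ $SQL .= " VALUES (%d, %d, '%s') ";
+ $SQL = sprintf($SQL, $dataSetColumnId, $rowNumber, $value);
+
+ if (!$id = $db->insert_query($SQL))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not add DataSet Data'));
+ }
+
+ Debug::LogEntry($db, 'audit', 'Complete', 'DataSetData', 'Add');
+
+ return $id;
+ }
+
+ public function Edit($dataSetColumnId, $rowNumber, $value)
+ {
+ $db =& $this->db;
+
+ $SQL = "UPDATE datasetdata SET Value = '%s' ";
+ $SQL .= " WHERE DataSetColumnID = %d AND RowNumber = %d";
+
+ $SQL = sprintf($SQL, $value, $dataSetColumnId, $rowNumber);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not edit DataSet Data'));
+ }
+
+ Debug::LogEntry($db, 'audit', 'Complete', 'DataSetData', 'Edit');
+
+ return true;
+ }
+
+ public function Delete($dataSetColumnId, $rowNumber)
+ {
+ $db =& $this->db;
+
+ $SQL = "DELETE FROM datasetdata ";
+ $SQL .= " WHERE DataSetColumnID = %d AND RowNumber = %d";
+
+ $SQL = sprintf($SQL, $dataSetColumnId, $rowNumber);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ return $this->SetError(25005, __('Could not delete Data for Column/Row'));
+ }
+
+ Debug::LogEntry($db, 'audit', 'Complete', 'DataSetData', 'Delete');
+
+ return true;
+ }
+}
+?>
\ No newline at end of file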
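--- a/server/lib/data/datasetgroupsecurity.data.class.php
+++ b/server/lib/data/datasetgroupsecurity.data.class.php
@@ -0,0 +1,149 @@
+<?php
+/*
+ * Xibo - Digitial Signage - http://www.xibo.org.uk
+ * Copyright (C) 2011 Daniel Garner
+ *
+ * This file is part of Xibo.
+ *
+ * Xibo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Xibo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
+ */
+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
+
+class DataSetGroupSecurity extends Data
+{
+ public function __construct(database $db)
+ {
+ parent::__construct($db);
+ }
+
+ /**
+ * Links a Display Group to a Group
+ * @return
+ * @param $displayGroupID Object
+ * @param $groupID Object
+ */
+ public function Link($dataSetId, $groupId, $view, $edit, $del)
+ {
+ $db =& $this->db;
+
+ Debug::LogEntry($db, 'audit', 'IN', 'DataSetGroupSecurity', 'Link');
+
+ $SQL = "";
+ $SQL .= "INSERT ";
+ $SQL .= "INTO lkdatasetgroup ";
+ $SQL .= " ( ";
+ $SQL .= " DataSetID, ";
+ $SQL .= " GroupID, ";
+ $SQL .= " View, ";
+ $SQL .= " Edit, ";
+ $SQL .= " Del ";
+ $SQL .= " ) ";
+ $SQL .= " VALUES ";
+ $SQL .= " ( ";
+ $SQL .= sprintf(" %d, %d, %d, %d, %d ", $dataSetId, $groupId, $view, $edit, $del);
+ $SQL .= " )";
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ $this->SetError(25024, __('Could not Link DataSet to Group'));
+
+ return false;
+ }
+
+ Debug::LogEntry($db, 'audit', 'OUT', 'DataSetGroupSecurity', 'Link');
+
+ return true;
+ }
+
+ /**
+ * Links everyone to the layout specified
+ * @param <type> $layoutId
+ * @param <type> $view
+ * @param <type> $edit
+ * @param <type> $del
+ * @return <type>
+ */
+ public function LinkEveryone($dataSetId, $view, $edit, $del)
+ {
+ $db =& $this->db;
+
+ Debug::LogEntry($db, 'audit', 'IN', 'DataSetGroupSecurity', 'LinkEveryone');
+
+ $groupId = $db->GetSingleValue("SELECT GroupID FROM `group` WHERE IsEveryone = 1", 'GroupID', _INT);
+
+ return $this->Link($dataSetId, $groupId, $view, $edit, $del);
+ }
+
+ /**
+ * Unlinks a display group from a group
+ * @return
+ * @param $displayGroupID Object
+ * @param $groupID Object
+ */
+ public function Unlink($dataSetId, $groupId)
+ {
+ $db =& $this->db;
+
+ Debug::LogEntry($db, 'audit', 'IN', 'DataSetGroupSecurity', 'Unlink');
+
+ $SQL = "";
+ $SQL .= "DELETE FROM ";
+ $SQL .= " lkdatasetgroup ";
+ $SQL .= sprintf(" WHERE DataSetID = %d AND GroupID = %d ", $dataSetId, $groupId);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ $this->SetError(25025, __('Could not Unlink DataSet from Group'));
+
+ return false;
+ }
+
+ Debug::LogEntry($db, 'audit', 'OUT', 'DataSetGroupSecurity', 'Unlink');
+
+ return true;
+ }
+
+ /**
+ * Unlinks a display group from a group
+ * @return
+ * @param $displayGroupID Object
+ * @param $groupID Object
+ */
+ public function UnlinkAll($dataSetId)
+ {
+ $db =& $this->db;
+
+ Debug::LogEntry($db, 'audit', 'IN', 'DataSetGroupSecurity', 'Unlink');
+
+ $SQL = "";
+ $SQL .= "DELETE FROM ";
+ $SQL .= " lkdatasetgroup ";
+ $SQL .= sprintf(" WHERE DataSetID = %d ", $dataSetId);
+
+ if (!$db->query($SQL))
+ {
+ trigger_error($db->error());
+ $this->SetError(25025, __('Could not Unlink DataSet from Group'));
+
+ return false;
+ }
+
+ Debug::LogEntry($db, 'audit', 'OUT', 'DataSetGroupSecurity', 'Unlink');
+
+ return true;
+ }
+}
+?>
\ No newline at end of file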
929=== modified file 'server/lib/data/layout.data.class.php'
930--- server/lib/data/layout.data.class.php 2011-01-07 22:03:11 +0000
931+++ server/lib/data/layout.data.class.php 2011-08-18 23:36:27 +0000
932@@ -29,13 +29,12 @@
933 * Add a layout
934 * @param <type> $layout
935 * @param <type> $description
936- * @param <type> $permissionid
937 * @param <type> $tags
938 * @param <type> $userid
939 * @param <type> $templateId
940 * @return <type>
941 */
942- public function Add($layout, $description, $permissionid, $tags, $userid, $templateId)
943+ public function Add($layout, $description, $tags, $userid, $templateId)
944 {
945 $db =& $this->db;
946 $currentdate = date("Y-m-d H:i:s");
947@@ -75,17 +74,17 @@
948 Debug::LogEntry($db, 'audit', 'Validation Compelte', 'Layout', 'Add');
949
950 // Get the XML for this template.
951- $templateXml = $this->GetTemplateXml($templateId);
952+ $templateXml = $this->GetTemplateXml($templateId, $userid);
953
954 Debug::LogEntry($db, 'audit', 'Retrieved template xml', 'Layout', 'Add');
955
956 $SQL = <<<END
957- INSERT INTO layout (layout, description, userID, permissionID, createdDT, modifiedDT, tags, xml)
958- VALUES ('%s', '%s', %d, %d, '%s', '%s', '%s', '%s')
959+ INSERT INTO layout (layout, description, userID, createdDT, modifiedDT, tags, xml)
960+ VALUES ('%s', '%s', %d, %d, '%s', '%s', '%s')
961 END;
962
963 $SQL = sprintf($SQL, $db->escape_string($layout),
964- $db->escape_string($description), $userid, $permissionid,
965+ $db->escape_string($description), $userid,
966 $db->escape_string($currentdate),
967 $db->escape_string($currentdate),
968 $db->escape_string($tags),
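Review bot: The new `VALUES` list still carries the `%d` that belonged to `permissionID`, so the fourth placeholder now lines up with `createdDT` and the escaped date string is formatted as a bare integer (for example `2011`) instead of a quoted timestamp. The arguments visible here are layout, description, `$userid`, two `$currentdate` values and `$tags`, so the format should read `VALUES ('%s', '%s', %d, '%s', '%s', '%s', '%s')`. The end of the `sprintf` call is outside the hunk, so the last argument is presumed to be the template XML.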
969@@ -124,7 +123,7 @@
970 * Gets the XML for the specified template id
971 * @param <type> $templateId
972 */
973- private function GetTemplateXml($templateId)
974+ private function GetTemplateXml($templateId, $userId)
975 {
976 $db =& $this->db;
977
978@@ -149,7 +148,16 @@
979 if (!$row = $db->GetSingleRow(sprintf("SELECT xml FROM template WHERE templateID = %d ", $templateId)))
980 trigger_error(__('Error getting this template.'), E_USER_ERROR);
981
982- $xml = $row['xml'];
983+ $xmlDoc = new DOMDocument("1.0");
984+ $xmlDoc->loadXML($row['xml']);
985+
986+ $regionNodeList = $xmlDoc->getElementsByTagName('region');
987+
988+ //get the regions
989+ foreach ($regionNodeList as $region)
990+ $region->setAttribute('userId', $userId);
991+
992+ $xml = $xmlDoc->saveXML();
993 }
994
995 return $xml;
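Review bot: The result of `$xmlDoc->loadXML($row['xml'])` is not checked, so a template row holding malformed XML produces an empty document and `saveXML()` returns a layout without regions instead of an error. Guard it the way the query just above is guarded: `if (!$xmlDoc->loadXML($row['xml'])) trigger_error(__('Error getting this template.'), E_USER_ERROR);`. The `userId` attribute stamped on each region presumably feeds the new permission checks, so a silent failure here would also lose region ownership; that is worth confirming. The function starts outside this hunk, and its docblock in the preceding hunk still has no `@param` entry for `$userId`.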
996@@ -348,8 +356,8 @@
997
998 // The Layout ID is the old layout
999 $SQL = "";
1000- $SQL .= " INSERT INTO layout (layout, permissionID, xml, userID, description, tags, templateID, retired, duration, background, createdDT, modifiedDT) ";
1001- $SQL .= " SELECT '%s', permissionID, xml, %d, description, tags, templateID, retired, duration, background, '%s', '%s' ";
1002+ $SQL .= " INSERT INTO layout (layout, xml, userID, description, tags, templateID, retired, duration, background, createdDT, modifiedDT) ";
1003+ $SQL .= " SELECT '%s', xml, %d, description, tags, templateID, retired, duration, background, '%s', '%s' ";
1004 $SQL .= " FROM layout ";
1005 $SQL .= " WHERE layoutid = %d";
1006 $SQL = sprintf($SQL, $db->escape_string($newLayoutName), $userId, $db->escape_string($currentdate), $db->escape_string($currentdate), $oldLayoutId);
1007@@ -427,6 +435,9 @@
1008 $db =& $this->db;
1009
1010 // Remove all LK records for this layout
1011+ $db->query(sprintf('DELETE FROM lklayoutgroup WHERE layoutid = %d', $layoutId));
1012+ $db->query(sprintf('DELETE FROM lklayoutmediagroup WHERE layoutid = %d', $layoutId));
1013+ $db->query(sprintf('DELETE FROM lklayoutregiongroup WHERE layoutid = %d', $layoutId));
1014 $db->query(sprintf('DELETE FROM lklayoutmedia WHERE layoutid = %d', $layoutId));
1015
1016 // Remove the Layout
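Review bot: The three added `DELETE` statements discard the result of `$db->query()`, so a failure on any of them leaves rows in `lklayoutgroup`, `lklayoutmediagroup` or `lklayoutregiongroup` for a layout that is then removed. The new security classes in this merge report the same failure through `SetError`; doing likewise here, e.g. `if (!$db->query(...)) return $this->SetError(<error code>, __('Unable to delete layout permissions'));` with a code and message of the project's choosing, keeps stale permission rows from accumulating unnoticed. The existing `lklayoutmedia` delete has the same gap. The function starts and ends outside the hunk.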
1017
1018=== added file 'server/lib/data/layoutgroupsecurity.data.class.php'
1019--- server/lib/data/layoutgroupsecurity.data.class.php 1970-01-01 00:00:00 +0000
1020+++ server/lib/data/layoutgroupsecurity.data.class.php 2011-08-18 23:36:27 +0000
1021@@ -0,0 +1,149 @@
1022+<?php
1023+/*
1024+ * Xibo - Digitial Signage - http://www.xibo.org.uk
1025+ * Copyright (C) 2011 Daniel Garner
1026+ *
1027+ * This file is part of Xibo.
1028+ *
1029+ * Xibo is free software: you can redistribute it and/or modify
1030+ * it under the terms of the GNU Affero General Public License as published by
1031+ * the Free Software Foundation, either version 3 of the License, or
1032+ * any later version.
1033+ *
1034+ * Xibo is distributed in the hope that it will be useful,
1035+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
1036+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1037+ * GNU Affero General Public License for more details.
1038+ *
1039+ * You should have received a copy of the GNU Affero General Public License
1040+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
1041+ */
1042+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
1043+
1044+class LayoutGroupSecurity extends Data
1045+{
1046+ public function __construct(database $db)
1047+ {
1048+ parent::__construct($db);
1049+ }
1050+
1051+ /**
1052+ * Links a Display Group to a Group
1053+ * @return
1054+ * @param $displayGroupID Object
1055+ * @param $groupID Object
1056+ */
1057+ public function Link($layoutId, $groupId, $view, $edit, $del)
1058+ {
1059+ $db =& $this->db;
1060+
1061+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutGroupSecurity', 'Link');
1062+
1063+ $SQL = "";
1064+ $SQL .= "INSERT ";
1065+ $SQL .= "INTO lklayoutgroup ";
1066+ $SQL .= " ( ";
1067+ $SQL .= " LayoutID, ";
1068+ $SQL .= " GroupID, ";
1069+ $SQL .= " View, ";
1070+ $SQL .= " Edit, ";
1071+ $SQL .= " Del ";
1072+ $SQL .= " ) ";
1073+ $SQL .= " VALUES ";
1074+ $SQL .= " ( ";
1075+ $SQL .= sprintf(" %d, %d, %d, %d, %d ", $layoutId, $groupId, $view, $edit, $del);
1076+ $SQL .= " )";
1077+
1078+ if (!$db->query($SQL))
1079+ {
1080+ trigger_error($db->error());
1081+ $this->SetError(25024, __('Could not Link Layout to Group'));
1082+
1083+ return false;
1084+ }
1085+
1086+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutGroupSecurity', 'Link');
1087+
1088+ return true;
1089+ }
1090+
1091+ /**
1092+ * Links everyone to the layout specified
1093+ * @param <type> $layoutId
1094+ * @param <type> $view
1095+ * @param <type> $edit
1096+ * @param <type> $del
1097+ * @return <type>
1098+ */
1099+ public function LinkEveryone($layoutId, $view, $edit, $del)
1100+ {
1101+ $db =& $this->db;
1102+
1103+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutGroupSecurity', 'LinkEveryone');
1104+
1105+ $groupId = $db->GetSingleValue("SELECT GroupID FROM `group` WHERE IsEveryone = 1", 'GroupID', _INT);
1106+
1107+ return $this->Link($layoutId, $groupId, $view, $edit, $del);
1108+ }
1109+
1110+ /**
1111+ * Unlinks a display group from a group
1112+ * @return
1113+ * @param $displayGroupID Object
1114+ * @param $groupID Object
1115+ */
1116+ public function Unlink($layoutId, $groupId)
1117+ {
1118+ $db =& $this->db;
1119+
1120+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutGroupSecurity', 'Unlink');
1121+
1122+ $SQL = "";
1123+ $SQL .= "DELETE FROM ";
1124+ $SQL .= " lklayoutgroup ";
1125+ $SQL .= sprintf(" WHERE LayoutID = %d AND GroupID = %d ", $layoutId, $groupId);
1126+
1127+ if (!$db->query($SQL))
1128+ {
1129+ trigger_error($db->error());
1130+ $this->SetError(25025, __('Could not Unlink Layout from Group'));
1131+
1132+ return false;
1133+ }
1134+
1135+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutGroupSecurity', 'Unlink');
1136+
1137+ return true;
1138+ }
1139+
1140+ /**
1141+ * Unlinks a display group from a group
1142+ * @return
1143+ * @param $displayGroupID Object
1144+ * @param $groupID Object
1145+ */
1146+ public function UnlinkAll($layoutId)
1147+ {
1148+ $db =& $this->db;
1149+
1150+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutGroupSecurity', 'Unlink');
1151+
1152+ $SQL = "";
1153+ $SQL .= "DELETE FROM ";
1154+ $SQL .= " lklayoutgroup ";
1155+ $SQL .= sprintf(" WHERE LayoutID = %d ", $layoutId);
1156+
1157+ if (!$db->query($SQL))
1158+ {
1159+ trigger_error($db->error());
1160+ $this->SetError(25025, __('Could not Unlink Layout from Group'));
1161+
1162+ return false;
1163+ }
1164+
1165+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutGroupSecurity', 'Unlink');
1166+
1167+ return true;
1168+ }
1169+}
1170+?>
1171\ No newline at end of file
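Review bot: `LinkEveryone` passes the result of `GetSingleValue(...)` straight to `Link` without checking it. Assuming the helper returns a falsy value when the lookup fails or no group has `IsEveryone = 1`, the `%d` in `Link` would turn it into `GroupID` 0 and insert a permission row for a group that does not exist. A guard before the call, such as `if (!$groupId) return $this->SetError(25024, __('Could not Link Layout to Group'));`, keeps that failure visible. The same pattern appears in `LinkEveryone` of LayoutMediaGroupSecurity, LayoutRegionGroupSecurity and MediaGroupSecurity further down. Separately, the docblocks on `Link`, `Unlink` and `UnlinkAll` still describe display groups (`$displayGroupID`), and `UnlinkAll` writes its audit entries under `'Unlink'`.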
1172
1173=== added file 'server/lib/data/layoutmediagroupsecurity.data.class.php'
1174--- server/lib/data/layoutmediagroupsecurity.data.class.php 1970-01-01 00:00:00 +0000
1175+++ server/lib/data/layoutmediagroupsecurity.data.class.php 2011-08-18 23:36:27 +0000
1176@@ -0,0 +1,194 @@
1177+<?php
1178+/*
1179+ * Xibo - Digitial Signage - http://www.xibo.org.uk
1180+ * Copyright (C) 2011 Daniel Garner
1181+ *
1182+ * This file is part of Xibo.
1183+ *
1184+ * Xibo is free software: you can redistribute it and/or modify
1185+ * it under the terms of the GNU Affero General Public License as published by
1186+ * the Free Software Foundation, either version 3 of the License, or
1187+ * any later version.
1188+ *
1189+ * Xibo is distributed in the hope that it will be useful,
1190+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
1191+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1192+ * GNU Affero General Public License for more details.
1193+ *
1194+ * You should have received a copy of the GNU Affero General Public License
1195+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
1196+ */
1197+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
1198+
1199+class LayoutMediaGroupSecurity extends Data
1200+{
1201+ public function __construct(database $db)
1202+ {
1203+ parent::__construct($db);
1204+ }
1205+
1206+ /**
1207+ * Links a Display Group to a Group
1208+ * @return
1209+ * @param $displayGroupID Object
1210+ * @param $groupID Object
1211+ */
1212+ public function Link($layoutId, $regionId, $mediaId, $groupId, $view, $edit, $del)
1213+ {
1214+ $db =& $this->db;
1215+
1216+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutMediaGroupSecurity', 'Link');
1217+
1218+ $SQL = "";
1219+ $SQL .= "INSERT ";
1220+ $SQL .= "INTO lklayoutmediagroup ";
1221+ $SQL .= " ( ";
1222+ $SQL .= " LayoutID, ";
1223+ $SQL .= " RegionID, ";
1224+ $SQL .= " MediaID, ";
1225+ $SQL .= " GroupID, ";
1226+ $SQL .= " View, ";
1227+ $SQL .= " Edit, ";
1228+ $SQL .= " Del ";
1229+ $SQL .= " ) ";
1230+ $SQL .= " VALUES ";
1231+ $SQL .= " ( ";
1232+ $SQL .= sprintf(" %d, '%s', '%s', %d, %d, %d, %d ", $layoutId, $regionId, $mediaId, $groupId, $view, $edit, $del);
1233+ $SQL .= " )";
1234+
1235+ if (!$db->query($SQL))
1236+ {
1237+ trigger_error($db->error());
1238+ $this->SetError(25026, __('Could not Link Layout Media to Group'));
1239+
1240+ return false;
1241+ }
1242+
1243+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutMediaGroupSecurity', 'Link');
1244+
1245+ return true;
1246+ }
1247+
1248+ /**
1249+ * Links everyone to the layout specified
1250+ * @param <type> $layoutId
1251+ * @param <type> $view
1252+ * @param <type> $edit
1253+ * @param <type> $del
1254+ * @return <type>
1255+ */
1256+ public function LinkEveryone($layoutId, $regionId, $mediaId, $view, $edit, $del)
1257+ {
1258+ $db =& $this->db;
1259+
1260+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutMediaGroupSecurity', 'LinkEveryone');
1261+
1262+ $groupId = $db->GetSingleValue("SELECT GroupID FROM `group` WHERE IsEveryone = 1", 'GroupID', _INT);
1263+
1264+ return $this->Link($layoutId, $regionId, $mediaId, $groupId, $view, $edit, $del);
1265+ }
1266+
1267+ /**
1268+ * Unlinks a display group from a group
1269+ * @return
1270+ * @param $displayGroupID Object
1271+ * @param $groupID Object
1272+ */
1273+ public function Unlink($layoutId, $regionId, $mediaId, $groupId)
1274+ {
1275+ $db =& $this->db;
1276+
1277+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutMediaGroupSecurity', 'Unlink');
1278+
1279+ $SQL = "";
1280+ $SQL .= "DELETE FROM ";
1281+ $SQL .= " lklayoutmediagroup ";
1282+ $SQL .= sprintf(" WHERE LayoutID = %d AND RegionID = '%s' AND MediaID = '%s' AND GroupID = %d ", $layoutId, $regionId, $mediaId, $groupId);
1283+
1284+ if (!$db->query($SQL))
1285+ {
1286+ trigger_error($db->error());
1287+ $this->SetError(25027, __('Could not Unlink Layout Media from Group'));
1288+
1289+ return false;
1290+ }
1291+
1292+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutMediaGroupSecurity', 'Unlink');
1293+
1294+ return true;
1295+ }
1296+
1297+ /**
1298+ * Unlinks a display group from a group
1299+ * @return
1300+ * @param $displayGroupID Object
1301+ * @param $groupID Object
1302+ */
1303+ public function UnlinkAll($layoutId, $regionId, $mediaId)
1304+ {
1305+ $db =& $this->db;
1306+
1307+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutMediaGroupSecurity', 'Unlink');
1308+
1309+ $SQL = "";
1310+ $SQL .= "DELETE FROM ";
1311+ $SQL .= " lklayoutmediagroup ";
1312+ $SQL .= sprintf(" WHERE LayoutID = %d AND RegionID = '%s' AND MediaID = '%s' ", $layoutId, $regionId, $mediaId);
1313+
1314+ if (!$db->query($SQL))
1315+ {
1316+ trigger_error($db->error());
1317+ $this->SetError(25028, __('Could not Unlink Layout Media from Group'));
1318+
1319+ return false;
1320+ }
1321+
1322+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutMediaGroupSecurity', 'Unlink');
1323+
1324+ return true;
1325+ }
1326+
1327+ /**
1328+ * Copies a media items permissions
1329+ * @param <type> $layoutId
1330+ * @param <type> $regionId
1331+ * @param <type> $mediaId
1332+ * @param <type> $newMediaId
1333+ * @return <type>
1334+ */
1335+ public function Copy($layoutId, $regionId, $mediaId, $newMediaId)
1336+ {
1337+ $db =& $this->db;
1338+
1339+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutMediaGroupSecurity', 'Copy');
1340+
1341+ $SQL = "";
1342+ $SQL .= "INSERT ";
1343+ $SQL .= "INTO lklayoutmediagroup ";
1344+ $SQL .= " ( ";
1345+ $SQL .= " LayoutID, ";
1346+ $SQL .= " RegionID, ";
1347+ $SQL .= " MediaID, ";
1348+ $SQL .= " GroupID, ";
1349+ $SQL .= " View, ";
1350+ $SQL .= " Edit, ";
1351+ $SQL .= " Del ";
1352+ $SQL .= " ) ";
1353+ $SQL .= " SELECT LayoutID, RegionID, '%s', GroupID, View, Edit, Del ";
1354+ $SQL .= " FROM lklayoutmediagroup ";
1355+ $SQL .= " WHERE LayoutID = %d AND RegionID = '%s' AND MediaID = '%s' ";
1356+
1357+ $SQL = sprintf($SQL, $newMediaId, $layoutId, $regionId, $mediaId);
1358+
1359+ if (!$db->query($SQL))
1360+ {
1361+ trigger_error($db->error());
1362+ $this->SetError(25028, __('Could not Copy Layout Media Security'));
1363+
1364+ return false;
1365+ }
1366+
1367+ return true;
1368+ }
1369+}
1370+?>
1371\ No newline at end of file
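Review bot: `$regionId` and `$mediaId` are placed inside quoted `'%s'` placeholders without `$db->escape_string()` in `Link`, `Unlink`, `UnlinkAll` and `Copy` (which also takes `$newMediaId`), so a quote character in either value changes the statement. The other data classes in this merge escape every string argument; here that would be e.g. `sprintf(" WHERE LayoutID = %d AND RegionID = '%s' AND MediaID = '%s' ", $layoutId, $db->escape_string($regionId), $db->escape_string($mediaId))`. Whether callers validate these ids first is not visible, and a permissions table is the wrong place to depend on that. The same applies to `$regionId` in LayoutRegionGroupSecurity and to `MediaGroupSecurity::Copy`, which quotes `$mediaId` and `$newMediaId` with `'%s'` although `Link` there formats MediaID with `%d`.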
1372
1373=== added file 'server/lib/data/layoutregiongroupsecurity.data.class.php'
1374--- server/lib/data/layoutregiongroupsecurity.data.class.php 1970-01-01 00:00:00 +0000
1375+++ server/lib/data/layoutregiongroupsecurity.data.class.php 2011-08-18 23:36:27 +0000
1376@@ -0,0 +1,150 @@
1377+<?php
1378+/*
1379+ * Xibo - Digitial Signage - http://www.xibo.org.uk
1380+ * Copyright (C) 2011 Daniel Garner
1381+ *
1382+ * This file is part of Xibo.
1383+ *
1384+ * Xibo is free software: you can redistribute it and/or modify
1385+ * it under the terms of the GNU Affero General Public License as published by
1386+ * the Free Software Foundation, either version 3 of the License, or
1387+ * any later version.
1388+ *
1389+ * Xibo is distributed in the hope that it will be useful,
1390+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
1391+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1392+ * GNU Affero General Public License for more details.
1393+ *
1394+ * You should have received a copy of the GNU Affero General Public License
1395+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
1396+ */
1397+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
1398+
1399+class LayoutRegionGroupSecurity extends Data
1400+{
1401+ public function __construct(database $db)
1402+ {
1403+ parent::__construct($db);
1404+ }
1405+
1406+ /**
1407+ * Links a Display Group to a Group
1408+ * @return
1409+ * @param $displayGroupID Object
1410+ * @param $groupID Object
1411+ */
1412+ public function Link($layoutId, $regionId, $groupId, $view, $edit, $del)
1413+ {
1414+ $db =& $this->db;
1415+
1416+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutRegionGroupSecurity', 'Link');
1417+
1418+ $SQL = "";
1419+ $SQL .= "INSERT ";
1420+ $SQL .= "INTO lklayoutregiongroup ";
1421+ $SQL .= " ( ";
1422+ $SQL .= " LayoutID, ";
1423+ $SQL .= " RegionID, ";
1424+ $SQL .= " GroupID, ";
1425+ $SQL .= " View, ";
1426+ $SQL .= " Edit, ";
1427+ $SQL .= " Del ";
1428+ $SQL .= " ) ";
1429+ $SQL .= " VALUES ";
1430+ $SQL .= " ( ";
1431+ $SQL .= sprintf(" %d, '%s', '%s', %d, %d, %d ", $layoutId, $regionId, $groupId, $view, $edit, $del);
1432+ $SQL .= " )";
1433+
1434+ if (!$db->query($SQL))
1435+ {
1436+ trigger_error($db->error());
1437+ $this->SetError(25026, __('Could not Link Layout Region to Group'));
1438+
1439+ return false;
1440+ }
1441+
1442+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutRegionGroupSecurity', 'Link');
1443+
1444+ return true;
1445+ }
1446+
1447+ /**
1448+ * Links everyone to the layout specified
1449+ * @param <type> $layoutId
1450+ * @param <type> $view
1451+ * @param <type> $edit
1452+ * @param <type> $del
1453+ * @return <type>
1454+ */
1455+ public function LinkEveryone($layoutId, $regionId, $view, $edit, $del)
1456+ {
1457+ $db =& $this->db;
1458+
1459+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutGroupSecurity', 'LinkEveryone');
1460+
1461+ $groupId = $db->GetSingleValue("SELECT GroupID FROM `group` WHERE IsEveryone = 1", 'GroupID', _INT);
1462+
1463+ return $this->Link($layoutId, $regionId, $groupId, $view, $edit, $del);
1464+ }
1465+
1466+ /**
1467+ * Unlinks a display group from a group
1468+ * @return
1469+ * @param $displayGroupID Object
1470+ * @param $groupID Object
1471+ */
1472+ public function Unlink($layoutId, $regionId, $groupId)
1473+ {
1474+ $db =& $this->db;
1475+
1476+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutRegionGroupSecurity', 'Unlink');
1477+
1478+ $SQL = "";
1479+ $SQL .= "DELETE FROM ";
1480+ $SQL .= " lklayoutregiongroup ";
1481+ $SQL .= sprintf(" WHERE LayoutID = %d AND RegionID = '%s' AND GroupID = %d ", $layoutId, $regionId, $groupId);
1482+
1483+ if (!$db->query($SQL))
1484+ {
1485+ trigger_error($db->error());
1486+ $this->SetError(25027, __('Could not Unlink Layout Region from Group'));
1487+
1488+ return false;
1489+ }
1490+
1491+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutRegionGroupSecurity', 'Unlink');
1492+
1493+ return true;
1494+ }
1495+
1496+ /**
1497+ * Unlinks a display group from a group
1498+ * @return
1499+ * @param $displayGroupID Object
1500+ * @param $groupID Object
1501+ */
1502+ public function UnlinkAll($layoutId, $regionId)
1503+ {
1504+ $db =& $this->db;
1505+
1506+ Debug::LogEntry($db, 'audit', 'IN', 'LayoutRegionGroupSecurity', 'Unlink');
1507+
1508+ $SQL = "";
1509+ $SQL .= "DELETE FROM ";
1510+ $SQL .= " lklayoutregiongroup ";
1511+ $SQL .= sprintf(" WHERE LayoutID = %d AND RegionID = '%s' ", $layoutId, $regionId);
1512+
1513+ if (!$db->query($SQL))
1514+ {
1515+ trigger_error($db->error());
1516+ $this->SetError(25028, __('Could not Unlink Layout Region from Group'));
1517+
1518+ return false;
1519+ }
1520+
1521+ Debug::LogEntry($db, 'audit', 'OUT', 'LayoutRegionGroupSecurity', 'Unlink');
1522+
1523+ return true;
1524+ }
1525+}
1526+?>
1527\ No newline at end of file
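Review bot: `Link` formats `$groupId` with a quoted `'%s'` (`" %d, '%s', '%s', %d, %d, %d "`) while `Unlink` treats GroupID as `%d`, so the group id is the one value in the insert that is neither cast to an integer nor escaped. The format should be `" %d, '%s', %d, %d, %d, %d "`, with `$regionId` passed through `$db->escape_string()`. `LinkEveryone` also writes its audit entry under `'LayoutGroupSecurity'` rather than `'LayoutRegionGroupSecurity'`, which misattributes the log line when tracing a permission change.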
1528
1529=== modified file 'server/lib/data/media.data.class.php'
1530--- server/lib/data/media.data.class.php 2011-05-14 10:14:52 +0000
1531+++ server/lib/data/media.data.class.php 2011-08-18 23:36:27 +0000
1532@@ -33,11 +33,10 @@
1533 * @param <type> $name
1534 * @param <type> $duration
1535 * @param <type> $fileName
1536- * @param <type> $permissionId
1537 * @param <type> $userId
1538 * @return <type>
1539 */
1540- public function Add($fileId, $type, $name, $duration, $fileName, $permissionId, $userId)
1541+ public function Add($fileId, $type, $name, $duration, $fileName, $userId)
1542 {
1543 $db =& $this->db;
1544
1545@@ -62,11 +61,11 @@
1546 return $this->SetError(12, __('Media you own already has this name. Please choose another.'));
1547
1548 // All OK to insert this record
1549- $SQL = "INSERT INTO media (name, type, duration, originalFilename, permissionID, userID, retired ) ";
1550- $SQL .= "VALUES ('%s', '%s', '%s', '%s', %d, %d, 0) ";
1551+ $SQL = "INSERT INTO media (name, type, duration, originalFilename, userID, retired ) ";
1552+ $SQL .= "VALUES ('%s', '%s', '%s', '%s', %d, 0) ";
1553
1554 $SQL = sprintf($SQL, $db->escape_string($name), $db->escape_string($type),
1555- $db->escape_string($duration), $db->escape_string($fileName), $permissionId, $userId);
1556+ $db->escape_string($duration), $db->escape_string($fileName), $userId);
1557
1558 if (!$mediaId = $db->insert_query($SQL))
1559 {
1560@@ -111,10 +110,9 @@
1561 * @param <type> $mediaId
1562 * @param <type> $name
1563 * @param <type> $duration
1564- * @param <type> $permissionId
1565 * @return <bool>
1566 */
1567- public function Edit($mediaId, $name, $duration, $permissionId, $userId)
1568+ public function Edit($mediaId, $name, $duration, $userId)
1569 {
1570 $db =& $this->db;
1571
1572@@ -128,8 +126,8 @@
1573 if ($db->GetSingleRow(sprintf("SELECT name FROM media WHERE name = '%s' AND userid = %d", $db->escape_string($name), $userId)))
1574 return $this->SetError(12, __('Media you own already has this name. Please choose another.'));
1575
1576- $SQL = "UPDATE media SET name = '%s', duration = %d, permissionID = %d WHERE MediaID = %d";
1577- $SQL = sprintf($SQL, $db->escape_string($name), $duration, $permissionId, $mediaId);
1578+ $SQL = "UPDATE media SET name = '%s', duration = %d WHERE MediaID = %d";
1579+ $SQL = sprintf($SQL, $db->escape_string($name), $duration, $mediaId);
1580
1581 if (!$db->query($SQL))
1582 {
1583@@ -153,7 +151,7 @@
1584 // Call add with this file Id and then update the existing mediaId with the returned mediaId
1585 // from the add call.
1586 // Will need to get some information about the existing media record first.
1587- $SQL = "SELECT name, duration, permissionId, UserID, type FROM media WHERE MediaID = %d";
1588+ $SQL = "SELECT name, duration, UserID, type FROM media WHERE MediaID = %d";
1589 $SQL = sprintf($SQL, $mediaId);
1590
1591 if (!$row = $db->GetSingleRow($SQL))
1592@@ -162,7 +160,7 @@
1593 return $this->SetError(31, 'Unable to get information about existing media record.');
1594 }
1595
1596- if (!$newMediaId = $this->Add($fileId, $row['type'], $row['name'], $row['duration'], $fileName, $row['permissionId'], $row['UserID']))
1597+ if (!$newMediaId = $this->Add($fileId, $row['type'], $row['name'], $row['duration'], $fileName, $row['UserID']))
1598 return false;
1599
1600 // Update the existing record with the new record's id
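Review bot: With `permissionId` no longer carried from the old row into `Add()`, nothing visible in this hunk transfers the existing record's `lkmediagroup` rows to `$newMediaId`. Unless a caller invokes `MediaGroupSecurity::Copy($mediaId, $newMediaId)` after the revision, the replacement media would presumably end up with no group permissions. Doing the copy here, right after `Add()` succeeds, would keep revision and permission transfer in one place. The function starts and ends outside the hunk, so this may already be handled further down.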
1601
1602=== added file 'server/lib/data/mediagroupsecurity.data.class.php'
1603--- server/lib/data/mediagroupsecurity.data.class.php 1970-01-01 00:00:00 +0000
1604+++ server/lib/data/mediagroupsecurity.data.class.php 2011-08-18 23:36:27 +0000
1605@@ -0,0 +1,188 @@
1606+<?php
1607+/*
1608+ * Xibo - Digitial Signage - http://www.xibo.org.uk
1609+ * Copyright (C) 2011 Daniel Garner
1610+ *
1611+ * This file is part of Xibo.
1612+ *
1613+ * Xibo is free software: you can redistribute it and/or modify
1614+ * it under the terms of the GNU Affero General Public License as published by
1615+ * the Free Software Foundation, either version 3 of the License, or
1616+ * any later version.
1617+ *
1618+ * Xibo is distributed in the hope that it will be useful,
1619+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
1620+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1621+ * GNU Affero General Public License for more details.
1622+ *
1623+ * You should have received a copy of the GNU Affero General Public License
1624+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
1625+ */
1626+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
1627+
1628+class MediaGroupSecurity extends Data
1629+{
1630+ public function __construct(database $db)
1631+ {
1632+ parent::__construct($db);
1633+ }
1634+
1635+ /**
1636+ * Links a Display Group to a Group
1637+ * @return
1638+ * @param $displayGroupID Object
1639+ * @param $groupID Object
1640+ */
1641+ public function Link($mediaId, $groupId, $view, $edit, $del)
1642+ {
1643+ $db =& $this->db;
1644+
1645+ Debug::LogEntry($db, 'audit', 'IN', 'MediaGroupSecurity', 'Link');
1646+
1647+ $SQL = "";
1648+ $SQL .= "INSERT ";
1649+ $SQL .= "INTO lkmediagroup ";
1650+ $SQL .= " ( ";
1651+ $SQL .= " MediaID, ";
1652+ $SQL .= " GroupID, ";
1653+ $SQL .= " View, ";
1654+ $SQL .= " Edit, ";
1655+ $SQL .= " Del ";
1656+ $SQL .= " ) ";
1657+ $SQL .= " VALUES ";
1658+ $SQL .= " ( ";
1659+ $SQL .= sprintf(" %d, %d, %d, %d, %d ", $mediaId, $groupId, $view, $edit, $del);
1660+ $SQL .= " )";
1661+
1662+ if (!$db->query($SQL))
1663+ {
1664+ trigger_error($db->error());
1665+ $this->SetError(25026, __('Could not Link Media to Group'));
1666+
1667+ return false;
1668+ }
1669+
1670+ Debug::LogEntry($db, 'audit', 'OUT', 'MediaGroupSecurity', 'Link');
1671+
1672+ return true;
1673+ }
1674+
1675+ /**
1676+ * Links everyone to the layout specified
1677+ * @param <type> $layoutId
1678+ * @param <type> $view
1679+ * @param <type> $edit
1680+ * @param <type> $del
1681+ * @return <type>
1682+ */
1683+ public function LinkEveryone($mediaId, $view, $edit, $del)
1684+ {
1685+ $db =& $this->db;
1686+
1687+ Debug::LogEntry($db, 'audit', 'IN', 'MediaGroupSecurity', 'LinkEveryone');
1688+
1689+ $groupId = $db->GetSingleValue("SELECT GroupID FROM `group` WHERE IsEveryone = 1", 'GroupID', _INT);
1690+
1691+ return $this->Link($mediaId, $groupId, $view, $edit, $del);
1692+ }
1693+
1694+ /**
1695+ * Unlinks a display group from a group
1696+ * @return
1697+ * @param $displayGroupID Object
1698+ * @param $groupID Object
1699+ */
1700+ public function Unlink($mediaId, $groupId)
1701+ {
1702+ $db =& $this->db;
1703+
1704+ Debug::LogEntry($db, 'audit', 'IN', 'MediaGroupSecurity', 'Unlink');
1705+
1706+ $SQL = "";
1707+ $SQL .= "DELETE FROM ";
1708+ $SQL .= " lkmediagroup ";
1709+ $SQL .= sprintf(" WHERE MediaID = %d AND GroupID = %d ", $mediaId, $groupId);
1710+
1711+ if (!$db->query($SQL))
1712+ {
1713+ trigger_error($db->error());
1714+ $this->SetError(25027, __('Could not Unlink Layout from Group'));
1715+
1716+ return false;
1717+ }
1718+
1719+ Debug::LogEntry($db, 'audit', 'OUT', 'MediaGroupSecurity', 'Unlink');
1720+
1721+ return true;
1722+ }
1723+
1724+ /**
1725+ * Unlinks a display group from a group
1726+ * @return
1727+ * @param $displayGroupID Object
1728+ * @param $groupID Object
1729+ */
1730+ public function UnlinkAll($mediaId)
1731+ {
1732+ $db =& $this->db;
1733+
1734+ Debug::LogEntry($db, 'audit', 'IN', 'MediaGroupSecurity', 'Unlink');
1735+
1736+ $SQL = "";
1737+ $SQL .= "DELETE FROM ";
1738+ $SQL .= " lkmediagroup ";
1739+ $SQL .= sprintf(" WHERE MediaID = %d ", $mediaId);
1740+
1741+ if (!$db->query($SQL))
1742+ {
1743+ trigger_error($db->error());
1744+ $this->SetError(25028, __('Could not Unlink Media from Group'));
1745+
1746+ return false;
1747+ }
1748+
1749+ Debug::LogEntry($db, 'audit', 'OUT', 'MediaGroupSecurity', 'Unlink');
1750+
1751+ return true;
1752+ }
1753+
1754+ /**
1755+ * Copies a media items permissions
1756+ * @param <type> $mediaId
1757+ * @param <type> $newMediaId
1758+ * @return <type>
1759+ */
1760+ public function Copy($mediaId, $newMediaId)
1761+ {
1762+ $db =& $this->db;
1763+
1764+ Debug::LogEntry($db, 'audit', 'IN', 'MediaGroupSecurity', 'Copy');
1765+
1766+ $SQL = "";
1767+ $SQL .= "INSERT ";
1768+ $SQL .= "INTO lkmediagroup ";
1769+ $SQL .= " ( ";
1770+ $SQL .= " MediaID, ";
1771+ $SQL .= " GroupID, ";
1772+ $SQL .= " View, ";
1773+ $SQL .= " Edit, ";
1774+ $SQL .= " Del ";
1775+ $SQL .= " ) ";
1776+ $SQL .= " SELECT '%s', GroupID, View, Edit, Del ";
1777+ $SQL .= " FROM lkmediagroup ";
1778+ $SQL .= " WHERE MediaID = '%s' ";
1779+
1780+ $SQL = sprintf($SQL, $newMediaId, $mediaId);
1781+
1782+ if (!$db->query($SQL))
1783+ {
1784+ trigger_error($db->error());
1785+ $this->SetError(25028, __('Could not Copy Layout Media Security'));
1786+
1787+ return false;
1788+ }
1789+
1790+ return true;
1791+ }
1792+}
1793+?>
1794\ No newline at end of file
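Review bot: Two failure messages in this class name the wrong object: `Unlink` reports `'Could not Unlink Layout from Group'` and `Copy` reports `'Could not Copy Layout Media Security'`, and `Copy` shares error code 25028 with `UnlinkAll`. The error text is what an operator sees when a grant or revoke on media fails, so it should say media: `__('Could not Unlink Media from Group')` and `__('Could not Copy Media Security')`, with a distinct code for `Copy`. `Copy` also has no closing `'OUT'` audit entry, unlike the other methods in the class.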
1795
1796=== modified file 'server/lib/data/schedule.data.class.php'
1797--- server/lib/data/schedule.data.class.php 2011-02-13 17:08:55 +0000
1798+++ server/lib/data/schedule.data.class.php 2011-08-18 23:36:27 +0000
1799@@ -44,6 +44,8 @@
1800 if (count($displayGroupIDs) == 0)
1801 return $this->SetError(25001, __('No display groups selected'));
1802
1803+ if ($userID == 0)
1804+ return $this->SetError(25001, __('No User Id Present'));
1805
1806 // Cant have a 0 increment as it creates a loop
1807 if ($recDetail == 0)
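Review bot: The new `$userID == 0` guard returns error code 25001, the same code as the 'No display groups selected' check directly above, so callers and logs cannot tell a missing user from an empty display-group selection by code. A separate code would fix that: `return $this->SetError(<unused code>, __('No User Id Present'));`. The loose `== 0` also matches `null`, which is probably intended for a missing id; a short comment such as `// Reject schedules with no owning user` would record that. The function starts and ends outside the hunk.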
1808
1809=== added file 'server/lib/data/templategroupsecurity.data.class.php'
1810--- server/lib/data/templategroupsecurity.data.class.php 1970-01-01 00:00:00 +0000
1811+++ server/lib/data/templategroupsecurity.data.class.php 2011-08-18 23:36:27 +0000
1812@@ -0,0 +1,130 @@
1813+<?php
1814+/*
1815+ * Xibo - Digitial Signage - http://www.xibo.org.uk
1816+ * Copyright (C) 2011 Daniel Garner
1817+ *
1818+ * This file is part of Xibo.
1819+ *
1820+ * Xibo is free software: you can redistribute it and/or modify
1821+ * it under the terms of the GNU Affero General Public License as published by
1822+ * the Free Software Foundation, either version 3 of the License, or
1823+ * any later version.
1824+ *
1825+ * Xibo is distributed in the hope that it will be useful,
1826+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
1827+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1828+ * GNU Affero General Public License for more details.
1829+ *
1830+ * You should have received a copy of the GNU Affero General Public License
1831+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
1832+ */
1833+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
1834+
1835+class TemplateGroupSecurity extends Data
1836+{
1837+ public function __construct(database $db)
1838+ {
1839+ parent::__construct($db);
1840+ }
1841+
1842+ /**
1843+ * Links a Display Group to a Group
1844+ * @return
1845+ * @param $displayGroupID Object
1846+ * @param $groupID Object
1847+ */
1848+ public function Link($templateId, $groupId, $view, $edit, $del)
1849+ {
1850+ $db =& $this->db;
1851+
1852+ Debug::LogEntry($db, 'audit', 'IN', 'TemplateGroupSecurity', 'Link');
1853+
1854+ $SQL = "";
1855+ $SQL .= "INSERT ";
1856+ $SQL .= "INTO lktemplategroup ";
1857+ $SQL .= " ( ";
1858+ $SQL .= " TemplateID, ";
1859+ $SQL .= " GroupID, ";
1860+ $SQL .= " View, ";
1861+ $SQL .= " Edit, ";
1862+ $SQL .= " Del ";
1863+ $SQL .= " ) ";
1864+ $SQL .= " VALUES ";
1865+ $SQL .= " ( ";
1866+ $SQL .= sprintf(" %d, %d, %d, %d, %d ", $templateId, $groupId, $view, $edit, $del);
1867+ $SQL .= " )";
1868+
1869+ if (!$db->query($SQL))
1870+ {
1871+ trigger_error($db->error());
1872+ $this->SetError(25024, __('Could not Link Template to Group'));
1873+
1874+ return false;
1875+ }
1876+
1877+ Debug::LogEntry($db, 'audit', 'OUT', 'TemplateGroupSecurity', 'Link');
1878+
1879+ return true;
1880+ }
1881+
1882+ /**
1883+ * Unlinks a display group from a group
1884+ * @return
1885+ * @param $displayGroupID Object
1886+ * @param $groupID Object
1887+ */
1888+ public function Unlink($templateId, $groupId)
1889+ {
1890+ $db =& $this->db;
1891+
1892+ Debug::LogEntry($db, 'audit', 'IN', 'TemplateGroupSecurity', 'Unlink');
1893+
1894+ $SQL = "";
1895+ $SQL .= "DELETE FROM ";
1896+ $SQL .= " lktemplategroup ";
1897+ $SQL .= sprintf(" WHERE TemplateID = %d AND GroupID = %d ", $templateId, $groupId);
1898+
1899+ if (!$db->query($SQL))
1900+ {
1901+ trigger_error($db->error());
1902+ $this->SetError(25025, __('Could not Unlink Template from Group'));
1903+
1904+ return false;
1905+ }
1906+
1907+ Debug::LogEntry($db, 'audit', 'OUT', 'TemplateGroupSecurity', 'Unlink');
1908+
1909+ return true;
1910+ }
1911+
1912+ /**
1913+ * Unlinks a display group from a group
1914+ * @return
1915+ * @param $displayGroupID Object
1916+ * @param $groupID Object
1917+ */
1918+ public function UnlinkAll($templateId)
1919+ {
1920+ $db =& $this->db;
1921+
1922+ Debug::LogEntry($db, 'audit', 'IN', 'TemplateGroupSecurity', 'Unlink');
1923+
1924+ $SQL = "";
1925+ $SQL .= "DELETE FROM ";
1926+ $SQL .= " lktemplategroup ";
1927+ $SQL .= sprintf(" WHERE TemplateID = %d ", $templateId);
1928+
1929+ if (!$db->query($SQL))
1930+ {
1931+ trigger_error($db->error());
1932+ $this->SetError(25025, __('Could not Unlink Template from Group'));
1933+
1934+ return false;
1935+ }
1936+
1937+ Debug::LogEntry($db, 'audit', 'OUT', 'TemplateGroupSecurity', 'Unlink');
1938+
1939+ return true;
1940+ }
1941+}
1942+?>
1943\ No newline at end of file
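Review bot: The three docblocks were carried over from the display-group class and do not describe these methods: they speak of linking a display group and list `$displayGroupID` and `$groupID`, while `Link` takes `$templateId, $groupId, $view, $edit, $del`. Because these rows decide who may view, edit and delete a template, I would rewrite them, e.g. `Grants a group view/edit/delete rights on a template`, with one `@param int` line per argument and `@return bool`. `UnlinkAll` also writes its audit entries under the name `'Unlink'` and reuses error 25025, so the two operations look the same in the log; `'UnlinkAll'` in both `Debug::LogEntry` calls would fix the former. The `%d` placeholders in all three queries force the ids to integers, which is worth keeping.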
1944
1945=== modified file 'server/lib/include.php'
1946--- server/lib/include.php 2011-06-05 16:17:41 +0000
1947+++ server/lib/include.php 2011-08-18 23:36:27 +0000
1948@@ -32,6 +32,7 @@
1949 require_once("lib/app/pagemanager.class.php");
1950 require_once("lib/app/menumanager.class.php");
1951 require_once("lib/app/modulemanager.class.php");
1952+require_once("lib/app/permissionmanager.class.php");
1953 require_once("lib/app/formmanager.class.php");
1954 require_once("lib/app/helpmanager.class.php");
1955 require_once("lib/app/responsemanager.class.php");
1956
1957=== modified file 'server/lib/js/core.js'
1958--- server/lib/js/core.js 2010-08-01 10:45:26 +0000
1959+++ server/lib/js/core.js 2011-08-18 23:36:27 +0000
1960@@ -24,7 +24,7 @@
1961 $('#system_message').dialog({
1962 title: "Application Message",
1963 width: "320",
1964- height: "120",
1965+ height: "220",
1966 draggable: false,
1967 resizable: false,
1968 bgiframe: true,
1969@@ -299,6 +299,14 @@
1970 $('input[type=text]', '#div_dialog').eq(0).focus();
1971 }
1972
1973+ if (response.appendHiddenSubmit) {
1974+ var hiddenField = '<input type="submit" style="display:none" />';
1975+
1976+ if ($("input[type=submit]", "#div_dialog").length == 0) {
1977+ $("form", "#div_dialog").append('<input type="submit" style="display:none" />');
1978+ }
1979+ }
1980+
1981 // Call Xibo Init for this form
1982 XiboInitialise("#div_dialog");
1983 }
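Review bot: `hiddenField` is assigned and never used; the `append` call two lines below it repeats the same markup literal. Use the variable, `$("form", "#div_dialog").append(hiddenField);`, or drop the declaration. The enclosing function starts outside this hunk.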
1984@@ -410,8 +418,9 @@
1985 }
1986
1987 // Should we display the message?
1988- if (!response.hideMessage || response.message != '') {
1989- SystemMessage(response.message);
1990+ if (!response.hideMessage) {
1991+ if (response.message != '')
1992+ SystemMessage(response.message);
1993 }
1994
1995 // Do we need to fire a callback function?
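Review bot: The inner test `response.message != ''` is also true when `message` is missing or null, so `SystemMessage` can still be called with no text for a response that carries no message. A truthiness test covers the empty, null and undefined cases in one condition: `if (!response.hideMessage && response.message)`. The enclosing function starts and ends outside this hunk.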
1996
1997=== added file 'server/lib/js/dataset.js'
1998--- server/lib/js/dataset.js 1970-01-01 00:00:00 +0000
1999+++ server/lib/js/dataset.js 2011-08-18 23:36:27 +0000
2000@@ -0,0 +1,69 @@
2001+/*
2002+ * Xibo - Digitial Signage - http://www.xibo.org.uk
2003+ * Copyright (C) 2011 Daniel Garner
2004+ *
2005+ * This file is part of Xibo.
2006+ *
2007+ * Xibo is free software: you can redistribute it and/or modify
2008+ * it under the terms of the GNU Affero General Public License as published by
2009+ * the Free Software Foundation, either version 3 of the License, or
2010+ * any later version.
2011+ *
2012+ * Xibo is distributed in the hope that it will be useful,
2013+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
2014+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2015+ * GNU Affero General Public License for more details.
2016+ *
2017+ * You should have received a copy of the GNU Affero General Public License
2018+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
2019+ */
2020+
2021+var dataSetData = function() {
2022+ $('.XiboDataSetDataForm').submit(function() {
2023+ return false;
2024+ });
2025+
2026+ $('.XiboDataSetDataForm input').change(XiboDataSetDataFormChange);
2027+ $('.XiboDataSetDataForm select').change(XiboDataSetDataFormChange);
2028+}
2029+
2030+var XiboDataSetDataFormChange = function() {
2031+ // Submit this form using AJAX.
2032+ var url = $(this.form).attr("action") + "&ajax=true";
2033+
2034+ $.ajax({
2035+ type:"post",
2036+ url:url,
2037+ cache:false,
2038+ dataType:"json",
2039+ data:$(this.form).serialize(),
2040+ success: XiboDataSetDataFormSubmitResponse
2041+ });
2042+
2043+ return false;
2044+}
2045+
2046+var XiboDataSetDataFormSubmitResponse = function(response) {
2047+
2048+ if (response.success) {
2049+ $('#' + response.uniqueReference).attr("action", response.loadFormUri);
2050+ }
2051+ else {
2052+ // Login Form needed?
2053+ if (response.login) {
2054+ LoginBox(response.message);
2055+ return false;
2056+ }
2057+ else {
2058+ // Just an error we dont know about
2059+ if (response.message == undefined) {
2060+ SystemMessage(response);
2061+ }
2062+ else {
2063+ SystemMessage(response.message);
2064+ }
2065+ }
2066+ }
2067+
2068+ return false;
2069+}
2070\ No newline at end of file
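Review bot: The `$.ajax` call in `XiboDataSetDataFormChange` has no `error` handler, so a failed request or a reply that is not valid JSON leaves the edited field looking saved when it was not. Adding `error: function(xhr, status) { SystemMessage(status); }` would surface the failure. The URL is built as `action + "&ajax=true"`, which assumes the form action already carries a query string. `'#' + response.uniqueReference` is used as a selector as received, so the server side should only ever return a plain element id in that field.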
2071
2072=== modified file 'server/lib/js/layout.js'
2073--- server/lib/js/layout.js 2010-08-05 19:09:05 +0000
2074+++ server/lib/js/layout.js 2011-08-18 23:36:27 +0000
2075@@ -89,7 +89,7 @@
2076 return false; //prevent submit
2077 }
2078
2079-function microblog_callback()
2080+var microblog_callback = function()
2081 {
2082 // Conjure up a text editor
2083 $("#ta_template").ckeditor();
2084@@ -169,7 +169,7 @@
2085 var layoutid = $(t).attr("layoutid");
2086 var regionid = $(t).attr("regionid");
2087
2088- XiboFormRender("index.php?p=user&q=SetUserHomepageForm&layoutid="+layoutid+"&regionid="+regionid);
2089+ XiboFormRender("index.php?p=layout&q=RegionPermissionsForm&layoutid="+layoutid+"&regionid="+regionid);
2090 }
2091 }
2092 });
2093@@ -195,7 +195,7 @@
2094
2095
2096 // Preview
2097- $('.region').each(function(){
2098+ $('.regionPreview').each(function(){
2099 new Preview(this);
2100 });
2101
2102
2103=== modified file 'server/lib/js/mediamanager.js'
2104--- server/lib/js/mediamanager.js 2009-12-31 11:38:50 +0000
2105+++ server/lib/js/mediamanager.js 2011-08-18 23:36:27 +0000
2106@@ -1,6 +1,6 @@
2107 /*
2108 * Xibo - Digitial Signage - http://www.xibo.org.uk
2109- * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
2110+ * Copyright (C) 2011 Daniel Garner
2111 *
2112 * This file is part of Xibo.
2113 *
2114@@ -16,121 +16,69 @@
2115 *
2116 * You should have received a copy of the GNU Affero General Public License
2117 * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
2118- */
2119-$(document).ready(function() {
2120-
2121-});
2122-
2123-var exec_filter_callback = function() {
2124-
2125-}
2126-
2127-var submit_form_callback = function(outputDiv) {
2128-
2129- //Just refresh
2130- //window.location = window.location.href;
2131-
2132- return false;
2133-}
2134-
2135-var region_options_callback = function(outputDiv)
2136-{
2137- set_form_size(830,450);
2138-
2139- //Get all the tooltip_hidden
2140- $(".tooltip_hidden").parent().hover(function()
2141- {
2142- //Change the hidden div's content
2143- $('#tooltip_hover').html($(".tooltip_hidden",this).html()).css("left",$(this).css("left")).show();
2144- }, function()
2145- {
2146- $('#tooltip_hover').hide();
2147- });
2148-
2149- //Make the elements draggable
2150- $(".timebar_ctl").draggable({
2151- containment: document.getElementById("timeline_ctl")
2152- });
2153-
2154- $(".mediabreak").droppable({
2155- accept: ".timebar_ctl",
2156- drop: function(ev, ui) {
2157- orderRegion(ui, this);
2158- }
2159- });
2160-}
2161-
2162-function orderRegion(timeBar, mediaBreak){
2163- var layoutid = $(timeBar.element.offsetParent).attr("layoutid");
2164- var regionid = $(timeBar.element.offsetParent).attr("regionid");
2165- var mediaid = $(timeBar.element).attr("mediaid");
2166- var sequence = $(mediaBreak).attr("breakid");
2167-
2168- $.ajax({
2169- type: "post",
2170- url: "index.php?p=layout&q=RegionOrder&layoutid=" + layoutid + "&callingpage=mediamanager&ajax=true",
2171- cache: false,
2172- datatype: "html",
2173- data: {
2174- "mediaid": mediaid,
2175- "sequence": sequence,
2176- "regionid": regionid
2177- },
2178- success: function(transport){
2179-
2180- var response = transport.split('|');
2181-
2182- if (response[0] == '0') {
2183- //success
2184- //Post notice somewhere?
2185- }
2186- else
2187- if (response[0] == '1') //failure
2188- {
2189-
2190- alert(response[1]);
2191- }
2192- else
2193- if (response[0] == '2') //login
2194- {
2195- alert("You need to login");
2196- }
2197- else
2198- if (response[0] == '3') {
2199- window.location = response[1]; //redirect
2200- }
2201- else
2202- if (response[0] == '6') //success, load form
2203- {
2204- //we need: uri, callback, onsubmit
2205- var uri = response[1];
2206- var callback = response[2];
2207- var onsubmit = response[3];
2208-
2209- load_form(uri, $('#div_dialog'), callback, onsubmit);
2210- }
2211- else {
2212- alert("An unknown error occured");
2213- }
2214-
2215- return false;
2216- }
2217- });
2218-}
2219-
2220-function dialog_filter() {
2221- exec_filter('stack_filter_form','dialog_grid');
2222-
2223- return false;
2224-}
2225-
2226-/**
2227- * Handles the tRegionOptions trigger
2228 */
2229-function tRegionOptions()
2230-{
2231- var regionid = gup("regionid");
2232- var layoutid = gup("layoutid");
2233-
2234- load_form('index.php?p=layout&layoutid='+layoutid+'&regionid='+regionid+'&q=RegionOptions', $('#div_dialog'),'',region_options_callback);
2235+var text_callback = function()
2236+{
2237+ // Conjure up a text editor
2238+ $("#ta_text").ckeditor();
2239+
2240+ // Make sure when we close the dialog we also destroy the editor
2241+ $("#div_dialog").bind("dialogclose.xibo", function(event, ui){
2242+ $("#ta_text").ckeditorGet().destroy();
2243+ $("#div_dialog").unbind("dialogclose.xibo");
2244+ })
2245+
2246+ var regionid = $("#iRegionId").val();
2247+ var width = $("#region_"+regionid).width();
2248+ var height = $("#region_"+regionid).height();
2249+
2250+ // Min width
2251+ if (width < 800) width = 800;
2252+
2253+ // Adjust the width and height
2254+ width = width + 80;
2255+ height = height + 295;
2256+
2257+ $('#div_dialog').height(height+"px");
2258+ $('#div_dialog').dialog('option', 'width', width);
2259+ $('#div_dialog').dialog('option', 'height', height);
2260+ $('#div_dialog').dialog('option', 'position', 'center');
2261+
2262+ return false; //prevent submit
2263+}
2264+
2265+var microblog_callback = function()
2266+{
2267+ // Conjure up a text editor
2268+ $("#ta_template").ckeditor();
2269+ $("#ta_nocontent").ckeditor();
2270+
2271+ // Make sure when we close the dialog we also destroy the editor
2272+ $("#div_dialog").bind("dialogclose.xibo", function(event, ui){
2273+ $("#ta_template").ckeditorGet().destroy();
2274+ $("#ta_nocontent").ckeditorGet().destroy();
2275+
2276+ $("#div_dialog").unbind("dialogclose.xibo");
2277+ })
2278+
2279+ var regionid = $("#iRegionId").val();
2280+ var width = $("#region_"+regionid).width();
2281+ var height = $("#region_"+regionid).height();
2282+
2283+ //Min width
2284+ if (width < 800) width = 800;
2285+ height = height - 170;
2286+
2287+ // Min height
2288+ if (height < 300) height = 300;
2289+
2290+ width = width + 80;
2291+ height = height + 480;
2292+
2293+ $('#div_dialog').height(height+"px");
2294+ $('#div_dialog').dialog('option', 'width', width);
2295+ $('#div_dialog').dialog('option', 'height', height);
2296+ $('#div_dialog').dialog('option', 'position', 'center');
2297+
2298+ return false; //prevent submit
2299 }
2300\ No newline at end of file
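Review bot: `microblog_callback` is defined here as a global `var` and opens with the same lines as the `microblog_callback` that the layout.js hunk of this change turns into a `var`; `text_callback` looks like a second copy, though its layout.js counterpart is not visible here. If both scripts are loaded on one page, the file included last silently replaces the other's definition, and the two copies can drift apart. I would keep one definition in a shared script. Both `bind(...)` calls end in `})` without a semicolon; `});` avoids relying on automatic semicolon insertion.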
2301
2302=== modified file 'server/lib/modules/module.class.php'
2303--- server/lib/modules/module.class.php 2010-08-28 13:20:11 +0000
2304+++ server/lib/modules/module.class.php 2011-08-18 23:36:27 +0000
2305@@ -27,13 +27,15 @@
2306 protected $user;
2307 protected $region;
2308 protected $response;
2309+ public $auth;
2310+ protected $type;
2311+ protected $displayType;
2312
2313 protected $layoutid;
2314 protected $regionid;
2315
2316 protected $mediaid;
2317 protected $name;
2318- protected $type;
2319 private $schemaVersion;
2320 protected $regionSpecific;
2321 protected $duration;
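Review bot: `$auth` is declared `public` with no default while every other member in this block is `protected`, so any code holding a module object can replace the object that the permission checks in DeleteForm and DeleteMedia read. Unless an outside caller has to write it, `protected $auth = null;` with a read-only accessor would be the safer declaration. It is also never assigned in the new-assignment branch added to SetMediaInformation (the `@@ -199,15 +215,23 @@` hunk), so a later `$this->auth->del` would read a property of null there. The class header is outside this hunk.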
2322@@ -45,6 +47,9 @@
2323
2324 protected $existingMedia;
2325 protected $deleteFromRegion;
2326+ protected $showRegionOptions;
2327+ protected $originalUserId;
2328+ protected $assignedMedia;
2329
2330 /**
2331 * Constructor - sets up this media object with all the available information
2332@@ -73,12 +78,13 @@
2333
2334 $this->existingMedia = false;
2335 $this->deleteFromRegion = false;
2336- $this->duration = '';
2337+ $this->showRegionOptions = Kit::GetParam('showRegionOptions', _REQUEST, _INT, 1);
2338+ $this->duration = '';
2339
2340 // Determine which type this module is
2341 $this->SetModuleInformation();
2342
2343- Debug::LogEntry($db, 'audit', 'New module created with MediaID: ' . $mediaid . ' LayoutID: ' . $layoutid . ' and RegionID: ' . $regionid);
2344+ Debug::LogEntry($db, 'audit', 'Module created with MediaID: ' . $mediaid . ' LayoutID: ' . $layoutid . ' and RegionID: ' . $regionid);
2345
2346 // Either the information from the region - or some blanks
2347 $this->SetMediaInformation($this->layoutid, $this->regionid, $this->mediaid, $this->lkid);
2348@@ -135,18 +141,20 @@
2349 */
2350 final private function SetMediaInformation($layoutid, $regionid, $mediaid, $lkid)
2351 {
2352- $db =& $this->db;
2353- $region =& $this->region;
2354- $xmlDoc = new DOMDocument();
2355+ $db =& $this->db;
2356+ $region =& $this->region;
2357+ $xmlDoc = new DOMDocument();
2358
2359 if ($this->mediaid != '' && $this->regionid != '' && $this->layoutid != '')
2360 {
2361+ // Existing media that is assigned to a layout
2362 $this->existingMedia = true;
2363+ $this->assignedMedia = true;
2364
2365 // Set the layout Xml
2366 $layoutXml = $region->GetLayoutXml($layoutid);
2367
2368- Debug::LogEntry($db, 'audit', 'Layout XML retrieved: ' . $layoutXml);
2369+ //Debug::LogEntry($db, 'audit', 'Layout XML retrieved: ' . $layoutXml);
2370
2371 $layoutDoc = new DOMDocument();
2372 $layoutDoc->loadXML($layoutXml);
2373@@ -173,10 +181,17 @@
2374
2375 // Get the LK id if we do not have one provided
2376 if ($lkid == '')
2377- $this->lkid = $mediaNode->getAttribute('lkid');
2378+ $this->lkid = $mediaNode->getAttribute('lkid');
2379+
2380+ $this->originalUserId = $mediaNode->getAttribute('userId');
2381+
2382+ // Make sure we have permissions
2383+ $this->auth = $this->user->MediaAssignmentAuth($this->originalUserId, $this->layoutid, $this->regionid, $this->mediaid, true);
2384
2385 $mediaNode = $xmlDoc->importNode($mediaNode, true);
2386 $xmlDoc->documentElement->appendChild($mediaNode);
2387+
2388+ Debug::LogEntry($db, 'audit', 'Existing Assigned Media XML is: \n ' . $xmlDoc->saveXML(), 'module', 'SetMediaInformation');
2389 }
2390 else
2391 {
2392@@ -186,9 +201,10 @@
2393 // But this is some existing media
2394 // Therefore make sure we get the bare minimum!
2395 $this->existingMedia = true;
2396+ $this->assignedMedia = false;
2397
2398 // Load what we know about this media into the object
2399- $SQL = "SELECT duration, name FROM media WHERE mediaID = '$mediaid'";
2400+ $SQL = "SELECT duration, name, UserId FROM media WHERE mediaID = '$mediaid'";
2401
2402 Debug::LogEntry($db, 'audit', $SQL, 'Module', 'SetMediaInformation');
2403
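Review bot: The rewritten query still places `$mediaid` directly inside the SQL text (`WHERE mediaID = '$mediaid'`), and this hunk does not show where that value is validated. The new data classes in this change format ids with `%d`; the same here would be `$SQL = sprintf("SELECT duration, name, UserId FROM media WHERE mediaID = %d", $mediaid);`. The statement is also written to the audit log on the following line, so whatever reaches `$mediaid` is logged as well. SetMediaInformation starts and ends outside this hunk.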
2404@@ -199,15 +215,23 @@
2405
2406 if ($db->num_rows($result) != 0)
2407 {
2408- $row = $db->get_row($result);
2409- $this->duration = $row[0];
2410- $this->name = $row[1];
2411+ $row = $db->get_row($result);
2412+ $this->duration = $row[0];
2413+ $this->name = $row[1];
2414+ $this->originalUserId = $row[2];
2415 }
2416+
2417+ $this->auth = $this->user->MediaAuth($this->mediaid, true);
2418+ }
2419+ else
2420+ {
2421+ // New assignment, therefore user and permissions are defaulted
2422+ $this->originalUserId = $this->user->userid;
2423 }
2424
2425 $xml = <<<XML
2426 <root>
2427- <media id="" type="$this->type" duration="" lkid="" schemaVersion="$this->schemaVersion">
2428+ <media id="" type="$this->type" duration="" lkid="" userId="$this->originalUserId" schemaVersion="$this->schemaVersion">
2429 <options />
2430 <raw />
2431 </media>
2432@@ -217,9 +241,6 @@
2433 }
2434
2435 $this->xml = $xmlDoc;
2436-
2437- Debug::LogEntry($db, 'audit', 'XML is: ' . $this->xml->saveXML());
2438-
2439 return true;
2440 }
2441
2442@@ -257,6 +278,7 @@
2443 $mediaNode->setAttribute('id', $this->mediaid);
2444 $mediaNode->setAttribute('duration', $this->duration);
2445 $mediaNode->setAttribute('type', $this->type);
2446+ $mediaNode->setAttribute('userId', $this->originalUserId);
2447
2448 return $this->xml->saveXML($mediaNode);
2449 }
2450@@ -439,37 +461,150 @@
2451 */
2452 public function DeleteForm()
2453 {
2454- $db =& $this->db;
2455-
2456- //Parameters
2457- $layoutid = $this->layoutid;
2458- $regionid = $this->regionid;
2459- $mediaid = $this->mediaid;
2460-
2461- // Messages
2462- $msgTitle = __('Return to the Region Options');
2463- $msgWarn = __('Are you sure you want to remove this item from Xibo?');
2464- $msgWarnLost = __('It will be lost');
2465-
2466- //we can delete
2467- $form = <<<END
2468- <form class="XiboForm" method="post" action="index.php?p=module&mod=text&q=Exec&method=DeleteMedia">
2469- <input type="hidden" name="mediaid" value="$mediaid">
2470- <input type="hidden" name="layoutid" value="$layoutid">
2471- <input type="hidden" name="regionid" value="$regionid">
2472- <p>$msgWarn <span class="required">$msgWarnLost</span>.</p>
2473- <input id="btnSave" type="submit" value="Yes" />
2474- <input class="XiboFormButton" id="btnCancel" type="button" title="$msgTitle" href="index.php?p=layout&layoutid=$layoutid&regionid=$regionid&q=RegionOptions" value="No" />
2475- </form>
2476-END;
2477-
2478- $this->response->html = $form;
2479- $this->response->dialogTitle = __('Delete Item');
2480- $this->response->dialogSize = true;
2481- $this->response->dialogWidth = '450px';
2482- $this->response->dialogHeight = '150px';
2483-
2484- return $this->response;
2485+ $db =& $this->db;
2486+ $helpManager = new HelpManager($db, $this->user);
2487+ $this->response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link($this->type, 'Delete') . '")');
2488+
2489+ //Parameters
2490+ $layoutid = $this->layoutid;
2491+ $regionid = $this->regionid;
2492+ $mediaid = $this->mediaid;
2493+ $lkid = $this->lkid;
2494+ $userid = $this->user->userid;
2495+
2496+ // Can this user delete?
2497+ if (!$this->auth->del)
2498+ {
2499+ $this->response->SetError('You do not have permission to delete this media.');
2500+ $this->response->keepOpen = false;
2501+ return $this->response;
2502+ }
2503+
2504+ // Messages
2505+ $msgTitle = __('Return to the Region Options');
2506+ $msgWarn = __('Are you sure you want to remove this item from Xibo?');
2507+ $msgWarnLost = __('It will be lost');
2508+ $msgYes = __('Yes');
2509+ $msgNo = __('No');
2510+
2511+ if ($this->regionSpecific)
2512+ {
2513+ $form = <<<END
2514+ <form id="MediaDeleteForm" class="XiboForm" method="post" action="index.php?p=module&mod=text&q=Exec&method=DeleteMedia">
2515+ <input type="hidden" name="mediaid" value="$mediaid">
2516+ <input type="hidden" name="layoutid" value="$layoutid">
2517+ <input type="hidden" name="regionid" value="$regionid">
2518+ <p>$msgWarn <span class="required">$msgWarnLost</span>.</p>
2519+ </form>
2520+END;
2521+ $this->response->AddButton(__('No'), 'XiboFormRender("index.php?p=layout&layoutid=' . $layoutid . '&regionid=' . $regionid . '&q=RegionOptions")');
2522+ $this->response->AddButton(__('Yes'), '$("#MediaDeleteForm").submit()');
2523+ }
2524+ else
2525+ {
2526+ // This is for library based media
2527+ $options = '';
2528+
2529+ // Always have the abilty to unassign from the region
2530+ $options .= 'unassign|' . __('Unassign from this region only');
2531+
2532+ // Is this user allowed to edit this media?
2533+ if ($this->auth->edit)
2534+ {
2535+ // Load what we know about this media into the object
2536+ $SQL = "SELECT IFNULL(editedMediaID, 0) AS editedMediaID FROM media WHERE mediaID = $mediaid ";
2537+ $editedMediaID = $db->GetSingleValue($SQL, 'editedMediaID', _INT);
2538+
2539+ if ($editedMediaID === false)
2540+ {
2541+ trigger_error($editedMediaID . $db->error());
2542+ $this->response->SetError(__('Error querying for the Media information'));
2543+ $this->response->keepOpen = true;
2544+ return $this->response;
2545+ }
2546+
2547+ $options .= ',retire|' . __('Unassign from this region and retire');
2548+
2549+ // Is this media retired?
2550+ $revised = false;
2551+ if ($editedMediaID != 0)
2552+ $revised = true;
2553+
2554+ // Is this media being used anywhere else?
2555+ if ($layoutid == '')
2556+ {
2557+ $SQL = sprintf('SELECT layoutID FROM lklayoutmedia WHERE mediaID = %d ', $mediaid);
2558+ $options = '';
2559+ }
2560+ else
2561+ {
2562+ $SQL = sprintf("SELECT layoutID FROM lklayoutmedia WHERE mediaID = %d AND layoutid <> %d AND regionID <> '%s' ", $mediaid, $layoutid, $regionid);
2563+ }
2564+
2565+ if (!$results = $db->query($SQL))
2566+ {
2567+ trigger_error($db->error());
2568+
2569+ $this->response->SetError(__('Cannot determine if this media has been used.'));
2570+ $this->response->keepOpen = true;
2571+ return $this->response;
2572+ }
2573+
2574+ if ($db->num_rows($results) == 0 && !$revised)
2575+ {
2576+ $options .= ',delete|' . __('Delete this media');
2577+ }
2578+ else
2579+ {
2580+ $options .= ',retire|' . __('Retire this media');
2581+ }
2582+ }
2583+ else
2584+ {
2585+ // If this is the normal content page then say they cant edit, otherwise display the form with only the unassign option
2586+ if ($layoutid == '')
2587+ {
2588+ $this->response->SetError(__('You do not have permission to alter/delete this media.'));
2589+ $this->response->keepOpen = true;
2590+ return $this->response;
2591+ }
2592+ }
2593+
2594+ $options = ltrim($options, ',');
2595+
2596+ $deleteOptions = listcontent($options, 'options');
2597+
2598+ $msgWarn = __('Are you sure you want to delete this media?');
2599+ $msgSelect = __('Please select from the following options');
2600+ $msgCaution = __('Warning! You cannot undo this operation');
2601+
2602+ //we can delete
2603+ $form = <<<END
2604+ <form id="MediaDeleteForm" class="XiboForm" method="post" action="index.php?p=module&mod=$this->type&q=Exec&method=DeleteMedia">
2605+ <input type="hidden" name="mediaid" value="$mediaid">
2606+ <input type="hidden" name="lkid" value="$lkid">
2607+ <input type="hidden" name="layoutid" value="$layoutid">
2608+ <input type="hidden" name="regionid" value="$regionid">
2609+ <p>$msgWarn</p>
2610+ <p>$msgSelect: $deleteOptions </p>
2611+ <p>$msgCaution</p>
2612+ </form>
2613+END;
2614+ if ($layoutid == '')
2615+ $this->response->AddButton(__('No'), 'XiboDialogClose()');
2616+ else
2617+ $this->response->AddButton(__('No'), 'XiboFormRender("index.php?p=layout&layoutid=' . $layoutid . '&regionid=' . $regionid . '&q=RegionOptions")');
2618+
2619+ $this->response->AddButton(__('Yes'), '$("#MediaDeleteForm").submit()');
2620+ }
2621+
2622+ $this->response->html = $form;
2623+ $this->response->dialogTitle = __('Delete Media');
2624+ $this->response->dialogSize = true;
2625+ $this->response->dialogWidth = '450px';
2626+ $this->response->dialogHeight = '280px';
2627+
2628+ return $this->response;
2629 }
2630
2631 /**
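Review bot: The in-use query `... AND layoutid <> %d AND regionID <> '%s'` does not mean "any assignment other than this one": it also skips rows in another region of the same layout, and rows in other layouts whose region id matches, so the form can offer `delete` for media that is still assigned. `WHERE mediaID = %d AND NOT (layoutid = %d AND regionID = '%s')` expresses the intent. Two smaller points in the same method: the `editedMediaID` lookup interpolates `$mediaid` into the SQL instead of using `%d` like the two queries after it, and the `retire` key can be added to `$options` twice under different labels. The first permission error string is also not wrapped in `__()` like the others.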
2632@@ -478,21 +613,93 @@
2633 */
2634 public function DeleteMedia()
2635 {
2636- $db =& $this->db;
2637-
2638- $layoutid = $this->layoutid;
2639- $regionid = $this->regionid;
2640-
2641- $url = "index.php?p=layout&layoutid=$layoutid&regionid=$regionid&q=RegionOptions";
2642-
2643- $this->deleteFromRegion = true;
2644- $this->UpdateRegion();
2645-
2646- // We want to load a new form
2647- $this->response->loadForm = true;
2648- $this->response->loadFormUri= $url;
2649-
2650- return $this->response;
2651+ $db =& $this->db;
2652+
2653+ $layoutid = $this->layoutid;
2654+ $regionid = $this->regionid;
2655+ $mediaid = $this->mediaid;
2656+
2657+ $url = "index.php?p=layout&layoutid=$layoutid&regionid=$regionid&q=RegionOptions";
2658+
2659+ if (!$this->auth->del)
2660+ {
2661+ $this->response->SetError('You do not have permission to delete this assignment.');
2662+ $this->response->keepOpen = false;
2663+ return $this->response;
2664+ }
2665+
2666+ if ($layoutid != '')
2667+ {
2668+ Kit::ClassLoader('layoutmediagroupsecurity');
2669+ $security = new LayoutMediaGroupSecurity($db);
2670+
2671+ if (!$security->UnlinkAll($layoutid, $regionid, $this->mediaid))
2672+ trigger_error($security->GetErrorMessage(), E_USER_ERROR);
2673+
2674+ $this->deleteFromRegion = true;
2675+ $this->UpdateRegion();
2676+ }
2677+
2678+ // Are we region specific media?
2679+ if (!$this->regionSpecific)
2680+ {
2681+ $options = Kit::GetParam('options', _POST, _WORD);
2682+
2683+ // If we are set to retire we retire
2684+ if ($options == 'retire')
2685+ {
2686+ //Update the media record to say it is retired
2687+ $SQL = sprintf("UPDATE media SET retired = 1 WHERE mediaid = %d ", $mediaid);
2688+
2689+ if (!$db->query($SQL))
2690+ {
2691+ trigger_error($db->error());
2692+
2693+ $this->response->SetError(__('Database error retiring this media record.'));
2694+ $this->response->keepOpen = true;
2695+ return $this->response;
2696+ }
2697+ }
2698+
2699+ // If we are set to delete, we delete
2700+ if ($options == 'delete')
2701+ {
2702+ // Get the file location from the database
2703+ $storedAs = $db->GetSingleValue(sprintf("SELECT storedAs FROM media WHERE mediaid = %d", $mediaid), 'storedAs', _FILENAME);
2704+
2705+ // Remove permission assignments
2706+ Kit::ClassLoader('mediagroupsecurity');
2707+
2708+ $security = new MediaGroupSecurity($db);
2709+
2710+ if (!$security->UnlinkAll($mediaid))
2711+ trigger_error($security->GetErrorMessage(), E_USER_ERROR);
2712+
2713+ //Update the media record to say it is retired
2714+ $SQL = sprintf("DELETE FROM media WHERE mediaid = %d ", $mediaid);
2715+
2716+ if (!$db->query($SQL))
2717+ {
2718+ trigger_error($db->error());
2719+
2720+ $this->response->SetError(__('Database error deleting this media record.'));
2721+ $this->response->keepOpen = true;
2722+ return $this->response;
2723+ }
2724+
2725+ $this->DeleteMediaFiles($storedAs);
2726+ }
2727+
2728+ $this->response->message = __('Media Deleted');
2729+ }
2730+ else
2731+ {
2732+ // We want to load a new form
2733+ $this->response->loadForm = true;
2734+ $this->response->loadFormUri= $url;
2735+ }
2736+
2737+ return $this->response;
2738 }
2739
2740 /**
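Review bot: DeleteMedia acts on the posted `options` value after checking only `$this->auth->del`, while DeleteForm offers `retire` and `delete` only when `$this->auth->edit` is set and, for `delete`, only when the media is unused and unrevised. The form is not an enforcement point, so the handler should repeat the permission check before the `UPDATE` and the `DELETE`, as sketched below, and should repeat the in-use query before deleting. The region unlink and `UpdateRegion()` also run before `options` is read, and the result of `UpdateRegion()` is not checked.

```php
$options = Kit::GetParam('options', _POST, _WORD);

// Retire and delete change the library record itself, so require the
// same permission DeleteForm requires before it offers them.
if (($options == 'retire' || $options == 'delete') && !$this->auth->edit)
{
    $this->response->SetError(__('You do not have permission to alter/delete this media.'));
    $this->response->keepOpen = true;
    return $this->response;
}

// … unchanged: retire branch, delete branch …
```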
2741@@ -513,6 +720,118 @@
2742 return $this->response;
2743 }
2744
2745+ protected function AddFormForLibraryMedia()
2746+ {
2747+ global $session;
2748+ $db =& $this->db;
2749+ $user =& $this->user;
2750+
2751+ // Would like to get the regions width / height
2752+ $layoutid = $this->layoutid;
2753+ $regionid = $this->regionid;
2754+
2755+ // Set the Session / Security information
2756+ $sessionId = session_id();
2757+ $securityToken = CreateFormToken();
2758+ $backgroundImage = Kit::GetParam('backgroundImage', _GET, _BOOL, false);
2759+
2760+ $session->setSecurityToken($securityToken);
2761+
2762+ //Get the default value for the shared list
2763+ $default = Config::GetSetting($db, 'defaultMedia');
2764+ $defaultDuration = Config::GetSetting($db, 'jpg_length');
2765+
2766+ // Save button is different depending on if we are on a region or not
2767+ if ($regionid != '' && $this->showRegionOptions)
2768+ {
2769+ setSession('content','mediatype', $this->type);
2770+
2771+ $save_button = <<<END
2772+ <input id="btnSave" type="submit" value="Save" disabled />
2773+ <input class="XiboFormButton" id="btnCancel" type="button" title="Return to the Region Options" href="index.php?p=layout&layoutid=$layoutid&regionid=$regionid&q=RegionOptions" value="Cancel" />
2774+ <input class="XiboFormButton" type="button" href="index.php?p=content&q=LibraryAssignForm&layoutid=$layoutid&regionid=$regionid" title="Library" value="Library" />
2775+END;
2776+ }
2777+ elseif ($regionid != '' && !$this->showRegionOptions)
2778+ {
2779+ $save_button = <<<END
2780+ <input id="btnSave" type="submit" value="Save" disabled />
2781+ <input class="XiboFormButton" id="btnCancel" type="button" title="Close" onclick="$('#div_dialog').dialog('close')" value="Cancel" />
2782+END;
2783+ }
2784+ elseif ($backgroundImage)
2785+ {
2786+ // Show the save button, and make cancel go back to the background form
2787+ $save_button = <<<END
2788+ <input id="btnSave" type="submit" value="Save" disabled />
2789+ <input class="XiboFormButton" id="btnCancel" type="button" title="Close" href="index.php?p=layout&q=BackgroundForm&modify=true&layoutid=$layoutid" value="Cancel" />
2790+END;
2791+ }
2792+ else
2793+ {
2794+ $save_button = <<<END
2795+ <input id="btnSave" type="submit" value="Save" disabled />
2796+ <input class="XiboFormButton" id="btnCancel" type="button" title="Close" href="index.php?p=content&q=displayForms&sp=add" value="Cancel" />
2797+END;
2798+ }
2799+
2800+ $form = <<<FORM
2801+ <div style="display:none"><iframe name="fileupload" width="1px" height="1px"></iframe></div>
2802+ <div>
2803+ <form id="file_upload" method="post" action="index.php?p=content&q=FileUpload" enctype="multipart/form-data" target="fileupload">
2804+ <input type="hidden" id="PHPSESSID" value="$sessionId" />
2805+ <input type="hidden" id="SecurityToken" value="$securityToken" />
2806+ <input type="hidden" name="MAX_FILE_SIZE" value="$this->maxFileSizeBytes" />
2807+ <table>
2808+ <tr>
2809+ <td><label for="file">$this->displayType File<span class="required">*</span></label></td>
2810+ <td colspan="3">
2811+ <input type="file" name="media_file" onchange="fileFormSubmit();this.form.submit();" />
2812+ </td>
2813+ </tr>
2814+ </table>
2815+ </form>
2816+ </div>
2817+ <div id="uploadProgress" style="display:none">
2818+ <img src="img/loading.gif"><span style="padding-left:10px">You may fill in the form while your file is uploading.</span>
2819+ </div>
2820+ <form class="XiboForm" id="AddLibraryBasedMedia" method="post" action="index.php?p=module&mod=$this->type&q=Exec&method=AddMedia">
2821+ <input type="hidden" name="layoutid" value="$layoutid">
2822+ <input type="hidden" name="regionid" value="$regionid">
2823+ <input type="hidden" name="backgroundImage" value="$backgroundImage" />
2824+ <input type="hidden" name="showRegionOptions" value="$this->showRegionOptions" />
2825+ <input type="hidden" id="txtFileName" name="txtFileName" readonly="true" />
2826+ <input type="hidden" name="hidFileID" id="hidFileID" value="" />
2827+ <table width="100%">
2828+ <tr>
2829+ <td><label for="name" title="The name of the $this->type. Leave this blank to use the file name">Name</label></td>
2830+ <td><input id="name" name="name" type="text"></td>
2831+ </tr>
2832+ <tr>
2833+ <td><label for="duration" title="The duration in seconds this image should be displayed (may be overridden on each layout)">Duration<span class="required">*</span></label></td>
2834+ <td><input id="duration" name="duration" type="text" value="$defaultDuration"></td>
2835+ </tr>
2836+ <tr>
2837+ <td></td>
2838+ <td>This form accepts: <span class="required">$this->validExtensionsText</span> files up to a maximum size of <span class="required">$this->maxFileSize</span>.</td>
2839+ </tr>
2840+ <tr>
2841+ <td></td>
2842+ <td colspan="3">$save_button</td>
2843+ </tr>
2844+ </table>
2845+ </form>
2846+FORM;
2847+
2848+ $this->response->html = $form;
2849+ $this->response->dialogTitle = 'Add New ' . $this->displayType;
2850+ $this->response->dialogSize = true;
2851+ $this->response->dialogWidth = '450px';
2852+ $this->response->dialogHeight = '280px';
2853+
2854+ return $this->response;
2855+ }
2856+
2857 /**
2858 * Default Edit Form
2859 * @return
2860@@ -530,6 +849,148 @@
2861 return $this->response;
2862 }
2863
2864+ protected function EditFormForLibraryMedia()
2865+ {
2866+ global $session;
2867+ $db =& $this->db;
2868+ $user =& $this->user;
2869+
2870+ // Would like to get the regions width / height
2871+ $layoutid = $this->layoutid;
2872+ $regionid = $this->regionid;
2873+ $mediaid = $this->mediaid;
2874+ $lkid = $this->lkid;
2875+ $userid = $this->user->userid;
2876+
2877+ // Can this user delete?
2878+ if (!$this->auth->edit)
2879+ {
2880+ $this->response->SetError('You do not have permission to edit this media.');
2881+ $this->response->keepOpen = false;
2882+ return $this->response;
2883+ }
2884+
2885+ // Set the Session / Security information
2886+ $sessionId = session_id();
2887+ $securityToken = CreateFormToken();
2888+
2889+ $session->setSecurityToken($securityToken);
2890+
2891+ // Load what we know about this media into the object
2892+ $SQL = "SELECT name, originalFilename, userID, retired, storedAs, isEdited, editedMediaID FROM media WHERE mediaID = $mediaid ";
2893+
2894+ if (!$row = $db->GetSingleRow($SQL))
2895+ {
2896+ trigger_error($db->error()); //log the error
2897+
2898+ $this->message = __('Error querying for the Media information');
2899+ return false;
2900+ }
2901+
2902+ $name = $row['name'];
2903+ $originalFilename = $row['originalFilename'];
2904+ $userid = $row['userID'];
2905+ $retired = $row['retired'];
2906+ $storedAs = $row['storedAs'];
2907+ $isEdited = $row['isEdited'];
2908+ $editedMediaID = $row['editedMediaID'];
2909+ $ext = strtolower(substr(strrchr($originalFilename, '.'), 1));
2910+
2911+ // Save button is different depending on if we are on a region or not
2912+ if ($regionid != '' && $this->showRegionOptions)
2913+ {
2914+ setSession('content', 'mediatype', $this->type);
2915+
2916+ $extraNotes = '<em>Note: Uploading a new ' . $this->displayType . ' here will replace it on this layout only.</em>';
2917+
2918+ $save_button = <<<END
2919+ <input id="btnSave" type="submit" value="Save" />
2920+ <input class="XiboFormButton" id="btnCancel" type="button" title="Return to the Region Options" href="index.php?p=layout&layoutid=$layoutid&regionid=$regionid&q=RegionOptions" value="Cancel" />
2921+END;
2922+ }
2923+ elseif ($regionid != '' && !$this->showRegionOptions)
2924+ {
2925+ $extraNotes = '<em>Note: Uploading a new ' . $this->displayType . ' here will replace it on this layout only.</em>';
2926+
2927+ $save_button = <<<END
2928+ <input id="btnSave" type="submit" value="Save" />
2929+ <input id="btnCancel" type="button" title="Close" onclick="$('#div_dialog').dialog('close')" value="Cancel" />
2930+END;
2931+ }
2932+ else
2933+ {
2934+ $extraNotes = '<em>Note: As you are editing from the library uploading a new media item will not replace the old one from any layouts. To do this navigate to the layout and edit the media from there.</em>';
2935+
2936+ $save_button = <<<END
2937+ <input id="btnSave" type="submit" value="Save" />
2938+ <input id="btnCancel" type="button" title="Close" onclick="$('#div_dialog').dialog('close')" value="Cancel" />
2939+END;
2940+ }
2941+
2942+ $durationFieldEnabled = ($this->auth->modifyPermissions) ? '' : ' readonly';
2943+
2944+ $form = <<<FORM
2945+ <div style="display:none"><iframe name="fileupload" width="1px" height="1px"></iframe></div>
2946+ <div>
2947+ <form id="file_upload" method="post" action="index.php?p=content&q=FileUpload" enctype="multipart/form-data" target="fileupload">
2948+ <input type="hidden" id="PHPSESSID" value="$sessionId" />
2949+ <input type="hidden" id="SecurityToken" value="$securityToken" />
2950+ <input type="hidden" name="MAX_FILE_SIZE" value="$this->maxFileSizeBytes" />
2951+ <table>
2952+ <tr>
2953+ <td><label for="file">New $this->displayType File<span class="required">*</span></label></td>
2954+ <td colspan="3">
2955+ <input type="file" name="media_file" onchange="fileFormSubmit();this.form.submit();" />
2956+ </td>
2957+ </tr>
2958+ </table>
2959+ </form>
2960+ </div>
2961+ <div id="uploadProgress" style="display:none">
2962+ <img src="img/loading.gif"><span style="padding-left:10px">You may fill in the form while your file is uploading.</span>
2963+ </div>
2964+ <form class="XiboForm" method="post" action="index.php?p=module&mod=$this->type&q=Exec&method=EditMedia">
2965+ <input type="hidden" name="hidFileID" id="hidFileID" value="" />
2966+ <input type="hidden" id="txtFileName" name="txtFileName" readonly="true" />
2967+ <input type="hidden" name="layoutid" value="$layoutid">
2968+ <input type="hidden" name="regionid" value="$regionid">
2969+ <input type="hidden" name="mediaid" value="$mediaid">
2970+ <input type="hidden" name="lkid" value="$lkid">
2971+ <input type="hidden" id="PHPSESSID" value="$sessionId" />
2972+ <input type="hidden" id="SecurityToken" value="$securityToken" />
2973+ <input type="hidden" name="showRegionOptions" value="$this->showRegionOptions" />
2974+ <table>
2975+ <tr>
2976+ <td><label for="name" title="The name of the $this->displayType. Leave this blank to use the file name">Name</label></td>
2977+ <td><input id="name" name="name" type="text" value="$name"></td>
2978+ <td><label for="duration" title="The duration in seconds this media should be displayed (may be overridden on each layout)">Duration<span class="required">*</span></label></td>
2979+ <td><input id="duration" name="duration" type="text" value="$this->duration" $durationFieldEnabled></td>
2980+ </tr>
2981+ <tr>
2982+ <td></td>
2983+ <td>This form accepts: <span class="required">$this->validExtensionsText</span> files up to a maximum size of <span class="required">$this->maxFileSize</span>.</td>
2984+ </tr>
2985+ <tr>
2986+ <td></td>
2987+ <td colspan="2">$extraNotes</td>
2988+ </tr>
2989+ <tr>
2990+ <td></td>
2991+ <td colspan="3">$save_button</td>
2992+ </tr>
2993+ </table>
2994+ </form>
2995+FORM;
2996+
2997+ $this->response->html = $form;
2998+ $this->response->dialogTitle = 'Edit ' . $this->displayType;
2999+ $this->response->dialogSize = true;
3000+ $this->response->dialogWidth = '450px';
3001+ $this->response->dialogHeight = '280px';
3002+
3003+ return $this->response;
3004+ }
3005+
3006 /**
3007 * Default Add Media
3008 * @return
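Review bot: In EditFormForLibraryMedia the media name read from the `media` row is written straight into `value="$name"` in the form heredoc, so a stored name containing a quote or markup breaks out of the attribute when the edit dialog is rendered. Unless names are already encoded before storage (not visible in this hunk), encode at output with `$name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');`. The SELECT at the top also interpolates `$mediaid` directly, whereas GetName later in this diff uses `%d`; `sprintf("... WHERE mediaID = %d ", $mediaid)` would match, and the same applies to the UPDATE and DELETE strings in EditLibraryMedia. The query-failure branch returns `false` and sets `$this->message` while every other exit returns `$this->response`, and the comment `// Can this user delete?` sits above an edit check and should read `// Can this user edit?`.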
3009@@ -542,6 +1003,171 @@
3010 return $this->response;
3011 }
3012
3013+ protected function AddLibraryMedia()
3014+ {
3015+ $db =& $this->db;
3016+ $layoutid = $this->layoutid;
3017+ $regionid = $this->regionid;
3018+ $mediaid = $this->mediaid;
3019+ $userid = $this->user->userid;
3020+ $backgroundImage = Kit::GetParam('backgroundImage', _POST, _BOOL, false);
3021+
3022+ // File data
3023+ $tmpName = Kit::GetParam('hidFileID', _POST, _STRING);
3024+
3025+ if ($tmpName == '')
3026+ {
3027+ $this->response->SetError('Cannot save Image details. <br/> You must have picked a file.');
3028+ $this->response->keepOpen = true;
3029+ return $this->response;
3030+ }
3031+
3032+ // File name and extension (orignial name)
3033+ $fileName = Kit::GetParam('txtFileName', _POST, _STRING);
3034+ $fileName = basename($fileName);
3035+ $ext = strtolower(substr(strrchr($fileName, "."), 1));
3036+
3037+ // Other properties
3038+ $name = Kit::GetParam('name', _POST, _STRING);
3039+ $duration = Kit::GetParam('duration', _POST, _INT, -1);
3040+
3041+ if ($name == '')
3042+ $name = Kit::ValidateParam($fileName, _FILENAME);
3043+
3044+ // Validation
3045+ if (!$this->IsValidExtension($ext))
3046+ {
3047+ $this->response->SetError(sprintf(__('Your file has an extension not supported by Media Type %s'), $this->displayType));
3048+ $this->response->keepOpen = true;
3049+ return $this->response;
3050+ }
3051+
3052+ // Make sure the name isnt too long
3053+ if (strlen($name) > 100)
3054+ {
3055+ $this->response->SetError(__('The name cannot be longer than 100 characters'));
3056+ $this->response->keepOpen = true;
3057+ return $this->response;
3058+ }
3059+
3060+ if ($duration < 0)
3061+ {
3062+ $this->response->SetError(__('You must enter a duration.'));
3063+ $this->response->keepOpen = true;
3064+ return $this->response;
3065+ }
3066+
3067+ // Ensure the name is not already in the database
3068+ $SQL = sprintf("SELECT name FROM media WHERE name = '%s' AND userid = %d", $db->escape_string($name), $userid);
3069+
3070+ if(!$result = $db->query($SQL))
3071+ {
3072+ trigger_error($db->error());
3073+ $this->response->SetError('Error checking whether the media name is ok. Try choosing a different name.');
3074+ $this->response->keepOpen = true;
3075+ return $this->response;
3076+ }
3077+
3078+ if ($db->num_rows($result) != 0)
3079+ {
3080+ $this->response->SetError('Some media you own already has this name. Please choose another.');
3081+ $this->response->keepOpen = true;
3082+ return $this->response;
3083+ }
3084+
3085+ // All OK to insert this record
3086+ $SQL = "INSERT INTO media (name, type, duration, originalFilename, userID, retired ) ";
3087+ $SQL .= "VALUES ('%s', '$this->type', '%s', '%s', %d, 0) ";
3088+
3089+ $SQL = sprintf($SQL, $db->escape_string($name), $db->escape_string($duration), $db->escape_string($fileName), $userid);
3090+
3091+ if (!$mediaid = $db->insert_query($SQL))
3092+ {
3093+ trigger_error($db->error());
3094+ $this->response->SetError(__('Database error adding this media record.'));
3095+ $this->response->keepOpen = true;
3096+ return $this->response;
3097+ }
3098+
3099+ // File upload directory.. get this from the settings object
3100+ $databaseDir = Config::GetSetting($db, 'LIBRARY_LOCATION');
3101+
3102+ // What are we going to store this media as...
3103+ $storedAs = $mediaid . '.' . $ext;
3104+
3105+ // Now we need to move the file
3106+ if (!$result = rename($databaseDir . 'temp/' . $tmpName, $databaseDir . $storedAs))
3107+ {
3108+ // If we couldnt move it - we need to delete the media record we just added
3109+ $SQL = sprintf("DELETE FROM media WHERE mediaID = %d ", $mediaid);
3110+
3111+ if (!$db->query($SQL))
3112+ {
3113+ trigger_error($db->error());
3114+ $this->response->SetError(__('Error storing file'));
3115+ $this->response->keepOpen = true;
3116+ return $this->response;
3117+ }
3118+ }
3119+
3120+ // Calculate the MD5 and the file size
3121+ $md5 = md5_file($databaseDir.$storedAs);
3122+ $fileSize = filesize($databaseDir.$storedAs);
3123+
3124+ // Update the media record to include this information
3125+ $SQL = sprintf("UPDATE media SET storedAs = '%s', `MD5` = '%s', FileSize = %d WHERE mediaid = %d", $storedAs, $md5, $fileSize, $mediaid);
3126+
3127+ if (!$db->query($SQL))
3128+ {
3129+ trigger_error($db->error());
3130+ return true;
3131+ }
3132+
3133+ // Required Attributes
3134+ $this->mediaid = $mediaid;
3135+ $this->duration = $duration;
3136+
3137+ // Any Options
3138+ $this->SetOption('uri', $storedAs);
3139+
3140+ // Should have built the media object entirely by this time
3141+ if ($regionid != '' && $this->showRegionOptions)
3142+ {
3143+ // This saves the Media Object to the Region
3144+ $this->UpdateRegion();
3145+ $this->response->loadFormUri = "index.php?p=layout&layoutid=$layoutid&regionid=$regionid&q=RegionOptions";;
3146+ }
3147+ elseif ($regionid != '' && !$this->showRegionOptions)
3148+ {
3149+ $this->UpdateRegion();
3150+ $this->response->loadForm = false;
3151+ }
3152+ else
3153+ {
3154+ $this->response->loadFormUri = "index.php?p=content&q=displayForms&sp=add";
3155+ }
3156+
3157+ // We want to load a new form
3158+ $this->response->loadForm = true;
3159+
3160+ // If we just added a background we should load the background form
3161+ if ($backgroundImage)
3162+ {
3163+ $this->response->loadFormUri = "index.php?p=layout&q=BackgroundForm&modify=true&layoutid=$layoutid&backgroundOveride=$storedAs";
3164+ }
3165+
3166+ // What permissions should we assign this with?
3167+ if (Config::GetSetting($db, 'MEDIA_DEFAULT') == 'public')
3168+ {
3169+ Kit::ClassLoader('mediagroupsecurity');
3170+
3171+ $security = new MediaGroupSecurity($db);
3172+ $security->LinkEveryone($mediaid, 1, 0, 0);
3173+ }
3174+
3175+ return $this->response;
3176+ }
3177+
3178 /**
3179 * Default EditMedia
3180 * @return
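Review bot: AddLibraryMedia passes the posted `hidFileID` value into `rename($databaseDir . 'temp/' . $tmpName, ...)` without the `basename()` treatment that `txtFileName` receives a few lines later. Unless `Kit::GetParam` strips path separators (not shown), a value containing directory components could make the request move a file from outside the temp directory into the library. Constrain it before use, for example `$tmpName = basename($tmpName);`, and ideally reject anything that does not match the upload handler's naming scheme. When `rename()` fails and the rollback DELETE succeeds, control also falls through to `md5_file()` on a file that does not exist, so the failure branch needs its own `SetError` and `return $this->response;` after the DELETE. EditLibraryMedia in the next hunk has both problems.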
3181@@ -554,18 +1180,256 @@
3182 return $this->response;
3183 }
3184
3185- /**
3186- * Default GetName
3187- * @return
3188- */
3189- public function GetName()
3190- {
3191- $db =& $this->db;
3192-
3193- Debug::LogEntry($db, 'audit', sprintf('Module name returned for MediaID: %s is %s', $this->mediaid, $this->name), 'Module', 'GetName');
3194-
3195- return $this->name;
3196- }
3197+ protected function EditLibraryMedia()
3198+ {
3199+ $db =& $this->db;
3200+ $user =& $this->user;
3201+ $layoutid = $this->layoutid;
3202+ $regionid = $this->regionid;
3203+ $mediaid = $this->mediaid;
3204+ $userid = $this->user->userid;
3205+
3206+ if (!$this->auth->edit)
3207+ {
3208+ $this->response->SetError('You do not have permission to edit this media.');
3209+ $this->response->keepOpen = false;
3210+ return $this->response;
3211+ }
3212+
3213+ // Stored As from the XML
3214+ $storedAs = $this->GetOption('uri');
3215+
3216+ // File data
3217+ $tmpName = Kit::GetParam('hidFileID', _POST, _STRING);
3218+
3219+ if ($tmpName == '')
3220+ {
3221+ $fileRevision = false;
3222+ }
3223+ else
3224+ {
3225+ $fileRevision = true;
3226+
3227+ // File name and extension (orignial name)
3228+ $fileName = Kit::GetParam('txtFileName', _POST, _STRING);
3229+ $fileName = basename($fileName);
3230+ $ext = strtolower(substr(strrchr($fileName, "."), 1));
3231+
3232+ if (!$this->IsValidExtension($ext))
3233+ {
3234+ $this->response->SetError('Your file has an extension not supported by this Media Type.');
3235+ $this->response->keepOpen = true;
3236+ return $this->response;
3237+ }
3238+ }
3239+
3240+ // Other properties
3241+ $name = Kit::GetParam('name', _POST, _STRING);
3242+
3243+ if ($this->auth->modifyPermissions)
3244+ $this->duration = Kit::GetParam('duration', _POST, _INT, 0);
3245+
3246+ if ($name == '')
3247+ {
3248+ if ($fileRevision)
3249+ {
3250+ $name = Kit::ValidateParam($fileName, _FILENAME);
3251+ }
3252+ else
3253+ {
3254+ $this->response->SetError(__('The Name cannot be blank.'));
3255+ $this->response->keepOpen = true;
3256+ return $this->response;
3257+ }
3258+ }
3259+
3260+ // Make sure the name isnt too long
3261+ if (strlen($name) > 100)
3262+ {
3263+ $this->response->SetError(__('The name cannot be longer than 100 characters'));
3264+ $this->response->keepOpen = true;
3265+ return $this->response;
3266+ }
3267+
3268+ if ($this->duration < 0)
3269+ {
3270+ $this->response->SetError(__('You must enter a duration.'));
3271+ $this->response->keepOpen = true;
3272+ return $this->response;
3273+ }
3274+
3275+ // Ensure the name is not already in the database
3276+ $SQL = sprintf("SELECT name FROM media WHERE name = '%s' AND userid = %d AND mediaid <> %d AND IsEdited = 0", $db->escape_string($name), $userid, $mediaid);
3277+
3278+ if(!$result = $db->query($SQL))
3279+ {
3280+ trigger_error($db->error());
3281+ $this->response->SetError(__('Error checking whether the media name is ok. Try choosing a different name.'));
3282+ $this->response->keepOpen = true;
3283+ return $this->response;
3284+ }
3285+
3286+ if ($db->num_rows($result) != 0)
3287+ {
3288+ $this->response->SetError(__('Some media you own already has this name. Please choose another.'));
3289+ $this->response->keepOpen = true;
3290+ return $this->response;
3291+ }
3292+
3293+ //Are we revising this media - or just plain editing
3294+ if ($fileRevision)
3295+ {
3296+ // All OK to insert this record
3297+ $SQL = "INSERT INTO media (name, type, duration, originalFilename, userID, retired ) ";
3298+ $SQL .= "VALUES ('%s', '$this->type', '%s', '%s', %d, 0) ";
3299+
3300+ $SQL = sprintf($SQL, $db->escape_string($name), $db->escape_string($this->duration), $db->escape_string($fileName), $userid);
3301+
3302+ if (!$new_mediaid = $db->insert_query($SQL))
3303+ {
3304+ trigger_error($db->error());
3305+ trigger_error('Error inserting replacement media record.', E_USER_ERROR);
3306+ }
3307+
3308+ //What are we going to store this media as...
3309+ $storedAs = $new_mediaid . '.' . $ext;
3310+
3311+ // File upload directory.. get this from the settings object
3312+ $databaseDir = Config::GetSetting($db, 'LIBRARY_LOCATION');
3313+
3314+ //Now we need to move the file
3315+ if (!$result = rename($databaseDir . '/temp/' . $tmpName, $databaseDir . $storedAs))
3316+ {
3317+ //If we couldnt move it - we need to delete the media record we just added
3318+ $SQL = "DELETE FROM media WHERE mediaID = $new_mediaid ";
3319+
3320+ if (!$db->insert_query($SQL))
3321+ {
3322+ $this->response->SetError('Error rolling back transcation.');
3323+ $this->response->keepOpen = true;
3324+ return $this->response;
3325+ }
3326+ }
3327+
3328+ // Calculate the MD5 and the file size
3329+ $md5 = md5_file($databaseDir.$storedAs);
3330+ $fileSize = filesize($databaseDir.$storedAs);
3331+
3332+ // Update the media record to include this information
3333+ $SQL = sprintf("UPDATE media SET storedAs = '%s', `MD5` = '%s', FileSize = %d WHERE mediaid = %d", $storedAs, $md5, $fileSize, $new_mediaid);
3334+
3335+ if (!$db->query($SQL))
3336+ {
3337+ trigger_error($db->error());
3338+ $this->response->SetError('Error updating media with Library location.');
3339+ $this->response->keepOpen = true;
3340+ return $this->response;
3341+ }
3342+
3343+ // Update the existing record with the new record's id
3344+ $SQL = "UPDATE media SET isEdited = 1, editedMediaID = $new_mediaid ";
3345+ $SQL .= " WHERE IFNULL(editedMediaID,0) <> $new_mediaid AND mediaID = $mediaid ";
3346+
3347+ Debug::LogEntry($db, 'audit', $SQL);
3348+
3349+ if (!$db->query($SQL))
3350+ {
3351+ trigger_error($db->error());
3352+
3353+ $this->response->SetError('Database error editing this media record.');
3354+ $this->response->keepOpen = true;
3355+ return $this->response;
3356+ }
3357+
3358+ // We need to assign all permissions for the old media id to the new media id
3359+ Kit::ClassLoader('mediagroupsecurity');
3360+
3361+ $security = new MediaGroupSecurity($db);
3362+ $security->Copy($mediaid, $new_mediaid);
3363+
3364+ // Are we on a region
3365+ if ($regionid != '')
3366+ {
3367+ Kit::ClassLoader('layoutmediagroupsecurity');
3368+
3369+ $security = new LayoutMediaGroupSecurity($db);
3370+ $security->Copy($layoutid, $regionid, $mediaid, $new_mediaid);
3371+ }
3372+ }
3373+ else
3374+ {
3375+ // Editing the existing record
3376+ $new_mediaid = $mediaid;
3377+
3378+ $SQL = "UPDATE media SET name = '%s' ";
3379+ $SQL .= " WHERE mediaID = %d ";
3380+ $SQL = sprintf($SQL, $db->escape_string($name), $mediaid);
3381+
3382+ Debug::LogEntry($db, 'audit', $SQL);
3383+
3384+ if (!$db->query($SQL))
3385+ {
3386+ trigger_error($db->error());
3387+
3388+ $this->response->SetError('Database error editing this media record.');
3389+ $this->response->keepOpen = true;
3390+ return $this->response;
3391+ }
3392+ }
3393+
3394+ // Required Attributes
3395+ $this->mediaid = $new_mediaid;
3396+
3397+ // Any Options
3398+ $this->SetOption('uri', $storedAs);
3399+
3400+ // Should have built the media object entirely by this time
3401+ if ($regionid != '' && $this->showRegionOptions)
3402+ {
3403+ // This saves the Media Object to the Region
3404+ $this->UpdateRegion();
3405+
3406+ $this->response->loadForm = true;
3407+ $this->response->loadFormUri = "index.php?p=layout&layoutid=$layoutid&regionid=$regionid&q=RegionOptions";;
3408+ }
3409+ elseif ($regionid != '' && !$this->showRegionOptions)
3410+ {
3411+ $this->UpdateRegion();
3412+ $this->response->loadForm = false;
3413+ }
3414+ else
3415+ {
3416+ // We are in the library so we therefore have to update the duration with the new value.
3417+ // We could do this in the above code, but it is much simpler here until we rewrite
3418+ // these classes to use a data base class.
3419+ $db->query(sprintf("UPDATE media SET duration = %d WHERE mediaID = %d", $this->duration, $this->mediaid));
3420+
3421+ $this->response->message = 'Edited the ' . $this->displayType;
3422+ }
3423+
3424+ return $this->response;
3425+ }
3426+
3427+ /**
3428+ * Default GetName
3429+ * @return
3430+ */
3431+ public function GetName()
3432+ {
3433+ $db =& $this->db;
3434+
3435+ if ($this->name == '' && !$this->regionSpecific)
3436+ {
3437+ // Load what we know about this media into the object
3438+ $SQL = "SELECT name FROM media WHERE mediaID = %d ";
3439+
3440+ $this->name = $db->GetSingleValue(sprintf($SQL, $this->mediaid), 'name', _STRING);
3441+ }
3442+
3443+ Debug::LogEntry($db, 'audit', sprintf('Module name returned for MediaID: %s is %s', $this->mediaid, $this->name), 'Module', 'GetName');
3444+
3445+ return $this->name;
3446+ }
3447
3448 /**
3449 * Preview code for a module
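Review bot: In EditLibraryMedia the replacement row is inserted with `$userid` taken from `$this->user->userid`, so when a group member who holds only edit rights uploads a revision, the new media record appears to become theirs rather than the original owner's. The duplicate-name check is scoped to the editor in the same way. If ownership confers rights beyond the copied group permissions this is a quiet privilege change; consider reading `userID` from the existing row and using that in the INSERT and in the name check. The rollback after a failed `rename()` sends the DELETE through `$db->insert_query()` where AddLibraryMedia uses `$db->query()`, which looks like it would report `Error rolling back transcation.` even when the delete worked (this depends on what `insert_query` returns for a DELETE). The temp path is also built as `$databaseDir . '/temp/'` here but `$databaseDir . 'temp/'` in AddLibraryMedia, and the two should be made consistent.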
3450@@ -585,5 +1449,231 @@
3451 {
3452 return $this->regionSpecific;
3453 }
3454+
3455+ /**
3456+ * Permissions form
3457+ */
3458+ public function PermissionsForm()
3459+ {
3460+ $db =& $this->db;
3461+ $user =& $this->user;
3462+ $response = $this->response;
3463+ $helpManager = new HelpManager($db, $user);
3464+
3465+ if (!$this->auth->modifyPermissions)
3466+ trigger_error(__('You do not have permissions to edit this media'), E_USER_ERROR);
3467+
3468+ // Form content
3469+ $form = '<form id="LayoutPermissionsForm" class="XiboForm" method="post" action="index.php?p=module&mod=' . $this->type . '&q=Exec&method=Permissions">';
3470+ $form .= '<input type="hidden" name="layoutid" value="' . $this->layoutid . '" />';
3471+ $form .= '<input type="hidden" name="regionid" value="' . $this->regionid . '" />';
3472+ $form .= '<input type="hidden" name="mediaid" value="' . $this->mediaid . '" />';
3473+ $form .= '<div class="dialog_table">';
3474+ $form .= ' <table style="width:100%">';
3475+ $form .= ' <tr>';
3476+ $form .= ' <th>' . __('Group') . '</th>';
3477+ $form .= ' <th>' . __('View') . '</th>';
3478+ $form .= ' <th>' . __('Edit') . '</th>';
3479+ $form .= ' <th>' . __('Delete') . '</th>';
3480+ $form .= ' </tr>';
3481+
3482+ // List of all Groups with a view/edit/delete checkbox
3483+ $SQL = '';
3484+ $SQL .= 'SELECT `group`.GroupID, `group`.`Group`, View, Edit, Del, `group`.IsUserSpecific ';
3485+ $SQL .= ' FROM `group` ';
3486+
3487+ if ($this->assignedMedia)
3488+ {
3489+ $SQL .= ' LEFT OUTER JOIN lklayoutmediagroup ';
3490+ $SQL .= ' ON lklayoutmediagroup.GroupID = group.GroupID ';
3491+ $SQL .= sprintf(" AND lklayoutmediagroup.MediaID = '%s' AND lklayoutmediagroup.RegionID = '%s' AND lklayoutmediagroup.LayoutID = %d ", $this->mediaid, $this->regionid, $this->layoutid);
3492+ }
3493+ else
3494+ {
3495+ $SQL .= ' LEFT OUTER JOIN lkmediagroup ';
3496+ $SQL .= ' ON lkmediagroup.GroupID = group.GroupID ';
3497+ $SQL .= sprintf(' AND lkmediagroup.MediaID = %d ', $this->mediaid);
3498+ }
3499+
3500+ $SQL .= ' WHERE `group`.GroupID <> %d ';
3501+ $SQL .= 'ORDER BY `group`.IsEveryone DESC, `group`.IsUserSpecific, `group`.`Group` ';
3502+
3503+ $SQL = sprintf($SQL, $user->getGroupFromId($user->userid, true));
3504+
3505+ Debug::LogEntry($db, 'audit', $SQL, 'module', 'PermissionsForm');
3506+
3507+ if (!$results = $db->query($SQL))
3508+ {
3509+ trigger_error($db->error());
3510+ trigger_error(__('Unable to get permissions for this layout'), E_USER_ERROR);
3511+ }
3512+
3513+ while($row = $db->get_assoc_row($results))
3514+ {
3515+ $groupId = $row['GroupID'];
3516+ $group = ($row['IsUserSpecific'] == 0) ? '<strong>' . $row['Group'] . '</strong>' : $row['Group'];
3517+
3518+ $form .= '<tr>';
3519+ $form .= ' <td>' . $group . '</td>';
3520+ $form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_view" ' . (($row['View'] == 1) ? 'checked' : '') . '></td>';
3521+ $form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_edit" ' . (($row['Edit'] == 1) ? 'checked' : '') . '></td>';
3522+ $form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_del" ' . (($row['Del'] == 1) ? 'checked' : '') . '></td>';
3523+ $form .= '</tr>';
3524+ }
3525+
3526+ $form .= '</table>';
3527+ $form .= '</div>';
3528+ $form .= '</form>';
3529+
3530+ $response->SetFormRequestResponse($form, __('Permissions'), '350px', '500px');
3531+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('Layout', 'Permissions') . '")');
3532+ $response->AddButton(__('Cancel'), 'XiboSwapDialog("index.php?p=layout&layoutid=' . $this->layoutid . '&regionid=' . $this->regionid . '&q=RegionOptions")');
3533+ $response->AddButton(__('Save'), '$("#LayoutPermissionsForm").submit()');
3534+
3535+ return $response;
3536+ }
3537+
3538+ /**
3539+ * Permissions Edit
3540+ */
3541+ public function Permissions()
3542+ {
3543+ $db =& $this->db;
3544+ $user =& $this->user;
3545+ $response = $this->response;
3546+
3547+ Kit::ClassLoader('mediagroupsecurity');
3548+ Kit::ClassLoader('layoutmediagroupsecurity');
3549+
3550+ $layoutId = Kit::GetParam('layoutid', _POST, _INT);
3551+ $regionId = Kit::GetParam('regionid', _POST, _STRING);
3552+ $mediaId = Kit::GetParam('mediaid', _POST, _STRING);
3553+ $groupIds = Kit::GetParam('groupids', _POST, _ARRAY);
3554+
3555+ if (!$this->auth->modifyPermissions)
3556+ trigger_error(__('You do not have permissions to edit this layout'), E_USER_ERROR);
3557+
3558+ // Unlink all
3559+ if ($this->assignedMedia)
3560+ {
3561+ $layoutMediaSecurity = new LayoutMediaGroupSecurity($db);
3562+ if (!$layoutMediaSecurity->UnlinkAll($layoutId, $regionId, $mediaId))
3563+ trigger_error(__('Unable to set permissions'));
3564+ }
3565+ else
3566+ {
3567+ $mediaSecurity = new MediaGroupSecurity($db);
3568+ if (!$mediaSecurity->UnlinkAll($mediaId))
3569+ trigger_error(__('Unable to set permissions'));
3570+ }
3571+
3572+ // Some assignments for the loop
3573+ $lastGroupId = 0;
3574+ $first = true;
3575+ $view = 0;
3576+ $edit = 0;
3577+ $del = 0;
3578+
3579+ // List of groupIds with view, edit and del assignments
3580+ foreach($groupIds as $groupPermission)
3581+ {
3582+ $groupPermission = explode('_', $groupPermission);
3583+ $groupId = $groupPermission[0];
3584+
3585+ if ($first)
3586+ {
3587+ // First time through
3588+ $first = false;
3589+ $lastGroupId = $groupId;
3590+ }
3591+
3592+ if ($groupId != $lastGroupId)
3593+ {
3594+ // The groupId has changed, so we need to write the current settings to the db.
3595+ // Link new permissions
3596+ if ($this->assignedMedia)
3597+ {
3598+ if (!$layoutMediaSecurity->Link($layoutId, $regionId, $mediaId, $lastGroupId, $view, $edit, $del))
3599+ trigger_error(__('Unable to set permissions'));
3600+ }
3601+ else
3602+ {
3603+ if (!$mediaSecurity->Link($mediaId, $lastGroupId, $view, $edit, $del))
3604+ trigger_error(__('Unable to set permissions'));
3605+ }
3606+
3607+ // Reset
3608+ $lastGroupId = $groupId;
3609+ $view = 0;
3610+ $edit = 0;
3611+ $del = 0;
3612+ }
3613+
3614+ switch ($groupPermission[1])
3615+ {
3616+ case 'view':
3617+ $view = 1;
3618+ break;
3619+
3620+ case 'edit':
3621+ $edit = 1;
3622+ break;
3623+
3624+ case 'del':
3625+ $del = 1;
3626+ break;
3627+ }
3628+ }
3629+
3630+ // Need to do the last one
3631+ if (!$first)
3632+ {
3633+ if ($this->assignedMedia)
3634+ {
3635+ if (!$layoutMediaSecurity->Link($layoutId, $regionId, $mediaId, $lastGroupId, $view, $edit, $del))
3636+ trigger_error(__('Unable to set permissions'));
3637+ }
3638+ else
3639+ {
3640+ if (!$mediaSecurity->Link($mediaId, $lastGroupId, $view, $edit, $del))
3641+ trigger_error(__('Unable to set permissions'));
3642+ }
3643+ }
3644+
3645+ $response->SetFormSubmitResponse(__('Permissions Changed'));
3646+
3647+ return $response;
3648+ }
3649+
3650+ /**
3651+ * Deletes the media files associated with this record
3652+ * @return
3653+ */
3654+ private function DeleteMediaFiles($fileName)
3655+ {
3656+ $db =& $this->db;
3657+
3658+ //Library location
3659+ $databaseDir = Config::GetSetting($db, 'LIBRARY_LOCATION');
3660+
3661+ //3 things to check for..
3662+ //the actual file, the thumbnail, the background
3663+ if (file_exists($databaseDir . $fileName))
3664+ {
3665+ unlink($databaseDir . $fileName);
3666+ }
3667+
3668+ if (file_exists($databaseDir . 'tn_' . $fileName))
3669+ {
3670+ unlink($databaseDir . 'tn_' . $fileName);
3671+ }
3672+
3673+ if (file_exists($databaseDir . 'bg_' . $fileName))
3674+ {
3675+ unlink($databaseDir . 'bg_' . $fileName);
3676+ }
3677+
3678+ return true;
3679+ }
3680 }
3681 ?>
3682\ No newline at end of file
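Review bot: Permissions() checks `$this->auth->modifyPermissions`, presumably evaluated for the module's own layout, region and media, but then unlinks and relinks using `layoutid`, `regionid` and `mediaid` re-read from POST, so the ids that are authorised and the ids that are changed can differ if the two sources disagree. Use the already-authorised values, e.g. `$layoutId = $this->layoutid; $regionId = $this->regionid; $mediaId = $this->mediaid;`, or verify the posted ids equal them before `UnlinkAll`. Both permission checks in this hunk also depend on `trigger_error(..., E_USER_ERROR)` halting the request; an explicit return after each would make that independent of the installed error handler. In the loop, `$groupId` should be cast with `(int)` and an entry without an underscore skipped before `$groupPermission[1]` is read. PermissionsForm should pass `$this->mediaid` and `$this->regionid` through `$db->escape_string()` for the `'%s'` placeholders and HTML-encode `$row['Group']` before output.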
3683
3684=== modified file 'server/lib/pages/content.class.php'
3685--- server/lib/pages/content.class.php 2011-06-05 16:17:41 +0000
3686+++ server/lib/pages/content.class.php 2011-08-18 23:36:27 +0000
3687@@ -70,11 +70,6 @@
3688 if (isset($_SESSION['content']['usertype'])) $usertype = $_SESSION['content']['usertype'];
3689 if (isset($_SESSION['content']['playlistid'])) $playlistid = $_SESSION['content']['playlistid'];
3690
3691- //shared list
3692- $shared = "All";
3693- if (isset($_SESSION['content']['shared'])) $shared = $_SESSION['content']['shared'];
3694- $shared_list = dropdownlist("SELECT 'all','All' UNION SELECT permissionID, permission FROM permission", "shared", $shared);
3695-
3696 $filter_userid = "";
3697 if (isset($_SESSION['content']['filter_userid'])) $filter_userid = $_SESSION['content']['filter_userid'];
3698
3699@@ -122,8 +117,6 @@
3700 <td>$user_list</td>
3701 <td></td>
3702 <td></td>
3703- <td>$msgShared</td>
3704- <td>$shared_list</td>
3705 </tr>
3706 </table>
3707 </form>
3708@@ -174,12 +167,9 @@
3709 $SQL .= " media.name, ";
3710 $SQL .= " media.type, ";
3711 $SQL .= " media.duration, ";
3712- $SQL .= " media.userID, ";
3713- $SQL .= " permission.permission, ";
3714- $SQL .= " media.permissionID ";
3715+ $SQL .= " media.userID ";
3716 $SQL .= "FROM media ";
3717- $SQL .= "INNER JOIN permission ON permission.permissionID = media.permissionID ";
3718- $SQL .= "WHERE 1 = 1 AND isEdited = 0 ";
3719+ $SQL .= "WHERE isEdited = 0 ";
3720 if ($mediatype != "all")
3721 {
3722 $SQL .= sprintf(" AND media.type = '%s'", $db->escape_string($mediatype));
3723@@ -192,10 +182,6 @@
3724 {
3725 $SQL .= sprintf(" AND media.userid = %d ", $filter_userid);
3726 }
3727- if ($shared != "all")
3728- {
3729- $SQL .= sprintf(" AND media.permissionID = %d ", $shared);
3730- }
3731 //retired options
3732 if ($filter_retired == '1')
3733 {
3734@@ -220,7 +206,7 @@
3735 $msgType = __('Type');
3736 $msgRetired = __('Retired');
3737 $msgOwner = __('Owner');
3738- $msgShared = __('Shared');
3739+ $msgShared = __('Permissions');
3740 $msgAction = __('Action');
3741
3742 $output = <<<END
3743@@ -231,83 +217,86 @@
3744 <th>$msgName</th>
3745 <th>$msgType</th>
3746 <th>h:mi:ss</th>
3747+ <th>$msgOwner</th>
3748 <th>$msgShared</th>
3749- <th>$msgOwner</th>
3750 <th>$msgAction</th>
3751 </tr>
3752 </thead>
3753 <tbody>
3754 END;
3755
3756- while ($aRow = $db->get_row($results))
3757- {
3758- $mediaid = Kit::ValidateParam($aRow[0], _INT);
3759- $media = Kit::ValidateParam($aRow[1], _STRING);
3760- $mediatype = Kit::ValidateParam($aRow[2], _WORD);
3761- $length = sec2hms(Kit::ValidateParam($aRow[3], _DOUBLE));
3762- $ownerid = Kit::ValidateParam($aRow[4], _INT);
3763-
3764- $permission = Kit::ValidateParam($aRow[5], _STRING);
3765- $permissionid = Kit::ValidateParam($aRow[6], _INT);
3766-
3767- //get the username from the userID using the user module
3768- $username = $user->getNameFromID($ownerid);
3769- $group = $user->getGroupFromID($ownerid);
3770-
3771- //get the permissions
3772- list($see_permissions , $edit_permissions) = $user->eval_permission($ownerid, $permissionid);
3773-
3774- if ($see_permissions) //is this user allowed to see this
3775- {
3776- if ($edit_permissions)
3777- {
3778- //double click action - depends on what type of media we are
3779- $output .= <<<END
3780- <tr href='index.php?p=module&mod=$mediatype&q=Exec&method=EditForm&mediaid=$mediaid' ondblclick="XiboFormRender($(this).attr('href'))">
3781-END;
3782- }
3783- else
3784- {
3785- $output .= '<tr ondblclick="alert(' . __('You do not have permission to edit this media') . ')">';
3786- }
3787-
3788- $output .= "<td>$media</td>\n";
3789- $output .= "<td>$mediatype</td>\n";
3790- $output .= "<td>$length</td>\n";
3791- $output .= "<td>$permission</td>\n";
3792- $output .= "<td>$username</td>";
3793-
3794- // ACTION buttons
3795- if ($edit_permissions)
3796- {
3797- $msgEdit = __('Edit');
3798- $msgDelete = __('Delete');
3799-
3800- $buttons = "<button class='XiboFormButton' title='$msgEdit' href='index.php?p=module&mod=$mediatype&q=Exec&method=EditForm&mediaid=$mediaid'><span>$msgEdit</span></button>";
3801- $buttons .= "<button class='XiboFormButton' title='$msgDelete' href='index.php?p=module&mod=$mediatype&q=Exec&method=DeleteForm&mediaid=$mediaid'><span>$msgDelete</span></button>";
3802- }
3803- else
3804- {
3805- $buttons = __("No available actions.");
3806- }
3807-
3808- $output .= <<<END
3809- <td>
3810- <div class='buttons'>
3811- $buttons
3812- </div>
3813- </td>
3814-END;
3815-
3816- $output .= "</tr>\n";
3817- }
3818- }
3819+ while ($aRow = $db->get_row($results))
3820+ {
3821+ $mediaid = Kit::ValidateParam($aRow[0], _INT);
3822+ $media = Kit::ValidateParam($aRow[1], _STRING);
3823+ $mediatype = Kit::ValidateParam($aRow[2], _WORD);
3824+ $length = sec2hms(Kit::ValidateParam($aRow[3], _DOUBLE));
3825+ $ownerid = Kit::ValidateParam($aRow[4], _INT);
3826+
3827+ //get the username from the userID using the user module
3828+ $username = $user->getNameFromID($ownerid);
3829+
3830+ $group = $this->GroupsForMedia($mediaid);
3831+
3832+ // Permissions
3833+ $auth = $this->user->MediaAuth($mediaid, true);
3834+
3835+ if ($auth->view) //is this user allowed to see this
3836+ {
3837+ if ($auth->edit)
3838+ {
3839+ //double click action - depends on what type of media we are
3840+ $output .= <<<END
3841+ <tr href='index.php?p=module&mod=$mediatype&q=Exec&method=EditForm&mediaid=$mediaid' ondblclick="XiboFormRender($(this).attr('href'))">
3842+END;
3843+ }
3844+ else
3845+ {
3846+ $output .= '<tr ondblclick="alert(' . __('You do not have permission to edit this media') . ')">';
3847+ }
3848+
3849+ $output .= "<td>$media</td>\n";
3850+ $output .= "<td>$mediatype</td>\n";
3851+ $output .= "<td>$length</td>\n";
3852+ $output .= "<td>$username</td>";
3853+ $output .= "<td>$group</td>";
3854+
3855+ // ACTION buttons
3856+ if ($auth->edit)
3857+ {
3858+ $msgEdit = __('Edit');
3859+ $msgDelete = __('Delete');
3860+
3861+ $buttons = "<button class='XiboFormButton' title='$msgEdit' href='index.php?p=module&mod=$mediatype&q=Exec&method=EditForm&mediaid=$mediaid'><span>$msgEdit</span></button>";
3862+
3863+ if ($auth->del)
3864+ $buttons .= "<button class='XiboFormButton' title='$msgDelete' href='index.php?p=module&mod=$mediatype&q=Exec&method=DeleteForm&mediaid=$mediaid'><span>$msgDelete</span></button>";
3865+
3866+ if ($auth->modifyPermissions)
3867+ $buttons .= "<button class='XiboFormButton' title='$msgShared' href='index.php?p=module&mod=$mediatype&q=Exec&method=PermissionsForm&mediaid=$mediaid'><span>$msgShared</span></button>";
3868+ }
3869+ else
3870+ {
3871+ $buttons = __("No available actions.");
3872+ }
3873+
3874+ $output .= <<<END
3875+ <td>
3876+ <div class='buttons'>
3877+ $buttons
3878+ </div>
3879+ </td>
3880+END;
3881+
3882+ $output .= "</tr>\n";
3883+ }
3884+ }
3885
3886 $output .= "</tbody></table>\n</div>\n";
3887
3888 $response->SetGridResponse($output);
3889- $response->Respond();
3890- }
3891+ $response->Respond();
3892+ }
3893
3894 /**
3895 * Display the forms
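Review bot: `$group` is written into the new `<td>$group</td>` cell exactly as `GroupsForMedia()` returns it, and that helper concatenates `group`.Group values from the database with no HTML encoding, so a group name containing markup would be rendered in the media grid of every user who can view the row. Encode at output, e.g. `$output .= '<td>' . htmlspecialchars($group, ENT_QUOTES, 'UTF-8') . '</td>';`, and move the `GroupsForMedia()` call inside the `if ($auth->view)` branch so no query runs for rows that are never shown. Separately, the Delete and Permissions buttons are only reachable inside `if ($auth->edit)`, so a user holding `del` or `modifyPermissions` without `edit` gets "No available actions", whereas `DataSetGrid()` in this same merge tests the three flags independently. The enclosing method starts above this hunk.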
3896@@ -501,11 +490,8 @@
3897 $SQL .= " media.name, ";
3898 $SQL .= " media.type, ";
3899 $SQL .= " media.duration, ";
3900- $SQL .= " media.userID, ";
3901- $SQL .= " permission.permission, ";
3902- $SQL .= " media.permissionID ";
3903+ $SQL .= " media.userID ";
3904 $SQL .= "FROM media ";
3905- $SQL .= "INNER JOIN permission ON permission.permissionID = media.permissionID ";
3906 $SQL .= "WHERE retired = 0 AND isEdited = 0 ";
3907 if($mediatype != "all")
3908 {
3909@@ -528,7 +514,6 @@
3910 $msgType = __('Type');
3911 $msgLen = __('Duration');
3912 $msgOwner = __('Owner');
3913- $msgShared = __('Shared');
3914 $msgSelect = __('Select');
3915
3916 //some table headings
3917@@ -543,7 +528,6 @@
3918 <th>$msgName</th>
3919 <th>$msgType</th>
3920 <th>$msgLen</th>
3921- <th>$msgShared</th>
3922 <th>$msgSelect</th>
3923 </tr>
3924 </thead>
3925@@ -559,26 +543,21 @@
3926 $length = sec2hms(Kit::ValidateParam($row[3], _DOUBLE));
3927 $ownerid = Kit::ValidateParam($row[4], _INT);
3928
3929- $permission = Kit::ValidateParam($row[5], _STRING);
3930- $permissionid = Kit::ValidateParam($row[6], _INT);
3931-
3932 //get the username from the userID using the user module
3933 $username = $user->getNameFromID($ownerid);
3934 $group = $user->getGroupFromID($ownerid);
3935
3936- //get the permissions
3937- list($see_permissions , $edit_permissions) = $user->eval_permission($ownerid, $permissionid);
3938-
3939- if ($see_permissions)
3940- { //is this user allowed to see this
3941+ // Permissions
3942+ $auth = $this->user->MediaAuth($mediaid, true);
3943
3944- $form .= "<tr>";
3945- $form .= "<td>" . $media . "</td>\n";
3946- $form .= "<td>" . $mediatype . "</td>\n";
3947- $form .= "<td>" . $length . "</td>\n";
3948- $form .= "<td>" . $permission . "</td>\n";
3949- $form .= "<td><input type='checkbox' name='mediaids[]' value='$mediaid'></td>";
3950- $form .= "</tr>";
3951+ if ($auth->view) //is this user allowed to see this
3952+ {
3953+ $form .= "<tr>";
3954+ $form .= "<td>" . $media . "</td>\n";
3955+ $form .= "<td>" . $mediatype . "</td>\n";
3956+ $form .= "<td>" . $length . "</td>\n";
3957+ $form .= "<td><input type='checkbox' name='mediaids[]' value='$mediaid'></td>";
3958+ $form .= "</tr>";
3959 }
3960 }
3961
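Review bot: The `if ($auth->view)` test here only decides which checkboxes are drawn; the `mediaids[]` values come back from the client, so the handler that receives this form (not visible in this hunk) presumably needs to call `MediaAuth()` again for each submitted id before using it. Within the hunk, `$username` and `$group` are still looked up per row through `$user->getNameFromID()` and `$user->getGroupFromID()`, but the rebuilt row no longer prints either, and the new line reaches the same object through `$this->user`. Dropping the two unused lookups and using one handle consistently would remove two queries per row. The loop and the enclosing method begin and end outside this hunk.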
3962@@ -674,5 +653,42 @@
3963 Debug::LogEntry($db, "audit", "[OUT]", "FileUpload");
3964 exit;
3965 }
3966+
3967+ /**
3968+ * Get a list of group names for a layout
3969+ * @param <type> $layoutId
3970+ * @return <type>
3971+ */
3972+ private function GroupsForMedia($mediaId)
3973+ {
3974+ $db =& $this->db;
3975+
3976+ $SQL = '';
3977+ $SQL .= 'SELECT `group`.Group ';
3978+ $SQL .= ' FROM `group` ';
3979+ $SQL .= ' INNER JOIN lkmediagroup ';
3980+ $SQL .= ' ON `group`.GroupID = lkmediagroup.GroupID ';
3981+ $SQL .= ' WHERE lkmediagroup.MediaID = %d ';
3982+
3983+ $SQL = sprintf($SQL, $mediaId);
3984+
3985+ if (!$results = $db->query($SQL))
3986+ {
3987+ trigger_error($db->error());
3988+ trigger_error(__('Unable to get group information for media'), E_USER_ERROR);
3989+ }
3990+
3991+ $groups = '';
3992+
3993+ while ($row = $db->get_assoc_row($results))
3994+ {
3995+ $groups .= $row['Group'] . ', ';
3996+ }
3997+
3998+ $groups = trim($groups);
3999+ $groups = trim($groups, ',');
4000+
4001+ return $groups;
4002+ }
4003 }
4004 ?>
4005\ No newline at end of file
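Review bot: The docblock added above `GroupsForMedia()` describes a different function: it says "for a layout" and documents `$layoutId`, while the method takes `$mediaId` and queries `lkmediagroup`. Suggested text: `Get a comma separated list of group names linked to a media item`, with `@param int $mediaId` and `@return string`, plus a line stating that the names are returned unescaped so callers must HTML-encode them before output. Also, `trigger_error($db->error());` raises the raw database error text as a notice; whether that reaches the browser depends on the error handler, which is not visible here, so routing it through the existing `Debug::LogEntry` and showing only the translated message would be safer.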
4006
4007=== added file 'server/lib/pages/dataset.class.php'
4008--- server/lib/pages/dataset.class.php 1970-01-01 00:00:00 +0000
4009+++ server/lib/pages/dataset.class.php 2011-08-18 23:36:27 +0000
4010@@ -0,0 +1,1022 @@
4011+<?php
4012+/*
4013+ * Xibo - Digitial Signage - http://www.xibo.org.uk
4014+ * Copyright (C) 2011 Daniel Garner
4015+ *
4016+ * This file is part of Xibo.
4017+ *
4018+ * Xibo is free software: you can redistribute it and/or modify
4019+ * it under the terms of the GNU Affero General Public License as published by
4020+ * the Free Software Foundation, either version 3 of the License, or
4021+ * any later version.
4022+ *
4023+ * Xibo is distributed in the hope that it will be useful,
4024+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
4025+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4026+ * GNU Affero General Public License for more details.
4027+ *
4028+ * You should have received a copy of the GNU Affero General Public License
4029+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
4030+ */
4031+defined('XIBO') or die('Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.');
4032+
4033+class datasetDAO
4034+{
4035+ private $db;
4036+ private $user;
4037+
4038+ function __construct(database $db, user $user)
4039+ {
4040+ $this->db =& $db;
4041+ $this->user =& $user;
4042+
4043+ Kit::ClassLoader('dataset');
4044+ Kit::ClassLoader('datasetcolumn');
4045+ Kit::ClassLoader('datasetdata');
4046+ }
4047+
4048+ function on_page_load()
4049+ {
4050+ return "";
4051+ }
4052+
4053+ function echo_page_heading()
4054+ {
4055+ echo __("Layouts");
4056+ return true;
4057+ }
4058+
4059+ function displayPage()
4060+ {
4061+ require('template/pages/dataset_view.php');
4062+ }
4063+
4064+ public function DataSetFilter()
4065+ {
4066+ $id = uniqid();
4067+
4068+ $xiboGrid = <<<HTML
4069+ <div class="XiboGrid" id="$id">
4070+ <div class="XiboFilter">
4071+ <form onsubmit="return false">
4072+ <input type="hidden" name="p" value="dataset">
4073+ <input type="hidden" name="q" value="DataSetGrid">
4074+ </form>
4075+ </div>
4076+ <div class="XiboData">
4077+
4078+ </div>
4079+ </div>
4080+HTML;
4081+ echo $xiboGrid;
4082+ }
4083+
4084+ public function DataSetGrid()
4085+ {
4086+ $db =& $this->db;
4087+ $user =& $this->user;
4088+ $response = new ResponseManager();
4089+
4090+ $msgEdit = __('Edit');
4091+ $msgDelete = __('Delete');
4092+ $msgPermissions = __('Permissions');
4093+
4094+ $output = <<<END
4095+ <div class="info_table">
4096+ <table style="width:100%">
4097+ <thead>
4098+ <tr>
4099+ <th>Name</th>
4100+ <th>Description</th>
4101+ <th>Owner</th>
4102+ <th>$msgPermissions</th>
4103+ <th>Action</th>
4104+ </tr>
4105+ </thead>
4106+ <tbody>
4107+END;
4108+
4109+ foreach($this->user->DataSetList() as $dataSet)
4110+ {
4111+ $auth = $user->DataSetAuth($dataSet['datasetid'], true);
4112+ $owner = $user->getNameFromID($dataSet['ownerid']);
4113+ $groups = $this->GroupsForDataSet($dataSet['datasetid']);
4114+
4115+ $output .= '<tr>';
4116+ $output .= ' <td>' . $dataSet['dataset'] . '</td>';
4117+ $output .= ' <td>' . $dataSet['description'] . '</td>';
4118+ $output .= ' <td>' . $owner . '</td>';
4119+ $output .= ' <td>' . $groups . '</td>';
4120+ $output .= ' <td>';
4121+
4122+ if ($auth->edit)
4123+ {
4124+ $output .= '<button class="XiboFormButton" href="index.php?p=dataset&q=DataSetDataForm&datasetid=' . $dataSet['datasetid'] . '&dataset=' . $dataSet['dataset'] . '"><span>' . __('View Data') . '</span></button>';
4125+ $output .= '<button class="XiboFormButton" href="index.php?p=dataset&q=DataSetColumnsForm&datasetid=' . $dataSet['datasetid'] . '&dataset=' . $dataSet['dataset'] . '"><span>' . __('View Columns') . '</span></button>';
4126+ $output .= '<button class="XiboFormButton" href="index.php?p=dataset&q=EditDataSetForm&datasetid=' . $dataSet['datasetid'] . '"><span>' . $msgEdit . '</span></button>';
4127+ }
4128+
4129+ if ($auth->del)
4130+ $output .= '<button class="XiboFormButton" href="index.php?p=dataset&q=DeleteDataSetForm&datasetid=' . $dataSet['datasetid'] . '"><span>' . $msgDelete . '</span></button>';
4131+
4132+ if ($auth->modifyPermissions)
4133+ $output .= '<button class="XiboFormButton" href="index.php?p=dataset&q=PermissionsForm&datasetid=' . $dataSet['datasetid'] . '"><span>' . $msgPermissions . '</span></button>';
4134+
4135+ $output .= ' </td>';
4136+ $output .= '</tr>';
4137+ }
4138+
4139+ $output .= '</tbody></table></div>';
4140+ $response->SetGridResponse($output);
4141+ $response->Respond();
4142+ }
4143+
4144+ public function AddDataSetForm()
4145+ {
4146+ $db =& $this->db;
4147+ $user =& $this->user;
4148+ $response = new ResponseManager();
4149+
4150+ $helpManager = new HelpManager($db, $user);
4151+
4152+ $msgName = __('Name');
4153+ $msgDesc = __('Description');
4154+
4155+ $form = <<<END
4156+ <form id="AddDataSetForm" class="XiboForm" method="post" action="index.php?p=dataset&q=AddDataSet">
4157+ <table>
4158+ <tr>
4159+ <td><label for="dataset" accesskey="n">$msgName<span class="required">*</span></label></td>
4160+ <td><input name="dataset" class="required" type="text" id="dataset" tabindex="1" /></td>
4161+ </tr>
4162+ <tr>
4163+ <td><label for="description" accesskey="d">$msgDesc</label></td>
4164+ <td><input name="description" type="text" id="description" tabindex="2" /></td>
4165+ </tr>
4166+ </table>
4167+ </form>
4168+END;
4169+
4170+
4171+ $response->SetFormRequestResponse($form, __('Add DataSet'), '350px', '275px');
4172+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'Add') . '")');
4173+ $response->AddButton(__('Cancel'), 'XiboDialogClose()');
4174+ $response->AddButton(__('Add'), '$("#AddDataSetForm").submit()');
4175+ $response->Respond();
4176+ }
4177+
4178+ /**
4179+ * Add a dataset
4180+ */
4181+ public function AddDataSet()
4182+ {
4183+ $db =& $this->db;
4184+ $user =& $this->user;
4185+ $response = new ResponseManager();
4186+
4187+ $dataSet = Kit::GetParam('dataset', _POST, _STRING);
4188+ $description = Kit::GetParam('description', _POST, _STRING);
4189+
4190+ $dataSetObject = new DataSet($db);
4191+ if (!$dataSetId = $dataSetObject->Add($dataSet, $description, $this->user->userid))
4192+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4193+
4194+ // Also add one column
4195+ $dataSetColumn = new DataSetColumn($db);
4196+ $dataSetColumn->Add($dataSetId, 'Col1', 1, null, 1);
4197+
4198+ $response->SetFormSubmitResponse(__('DataSet Added'));
4199+ $response->Respond();
4200+ }
4201+
4202+ public function EditDataSetForm()
4203+ {
4204+ $db =& $this->db;
4205+ $user =& $this->user;
4206+ $response = new ResponseManager();
4207+
4208+ $helpManager = new HelpManager($db, $user);
4209+
4210+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4211+
4212+ $auth = $user->DataSetAuth($dataSetId, true);
4213+ if (!$auth->edit)
4214+ trigger_error(__('Access Denied'));
4215+
4216+ // Get the information we already know
4217+ $SQL = sprintf("SELECT DataSet, Description FROM dataset WHERE DataSetID = %d", $dataSetId);
4218+
4219+ if (!$row = $db->GetSingleRow($SQL))
4220+ trigger_error(__('Unable to get DataSet information'));
4221+
4222+ $dataSet = $row['DataSet'];
4223+ $description = $row['Description'];
4224+
4225+ $msgName = __('Name');
4226+ $msgDesc = __('Description');
4227+
4228+ $form = <<<END
4229+ <form id="EditDataSetForm" class="XiboForm" method="post" action="index.php?p=dataset&q=EditDataSet">
4230+ <input type="hidden" name="datasetid" value="$dataSetId" />
4231+ <table>
4232+ <tr>
4233+ <td><label for="dataset" accesskey="n">$msgName<span class="required">*</span></label></td>
4234+ <td><input name="dataset" class="required" type="text" id="dataset" tabindex="1" value="$dataSet" /></td>
4235+ </tr>
4236+ <tr>
4237+ <td><label for="description" accesskey="d">$msgDesc</label></td>
4238+ <td><input name="description" type="text" id="description" tabindex="2" value="$description" /></td>
4239+ </tr>
4240+ </table>
4241+ </form>
4242+END;
4243+
4244+
4245+ $response->SetFormRequestResponse($form, __('Edit DataSet'), '350px', '275px');
4246+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'Add') . '")');
4247+ $response->AddButton(__('Cancel'), 'XiboDialogClose()');
4248+ $response->AddButton(__('Edit'), '$("#EditDataSetForm").submit()');
4249+ $response->Respond();
4250+ }
4251+
4252+ public function EditDataSet()
4253+ {
4254+ $db =& $this->db;
4255+ $user =& $this->user;
4256+ $response = new ResponseManager();
4257+
4258+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4259+
4260+ $auth = $user->DataSetAuth($dataSetId, true);
4261+ if (!$auth->edit)
4262+ trigger_error(__('Access Denied'));
4263+
4264+ $dataSet = Kit::GetParam('dataset', _POST, _STRING);
4265+ $description = Kit::GetParam('description', _POST, _STRING);
4266+
4267+ $dataSetObject = new DataSet($db);
4268+ if (!$dataSetObject->Edit($dataSetId, $dataSet, $description))
4269+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4270+
4271+ $response->SetFormSubmitResponse(__('DataSet Edited'));
4272+ $response->Respond();
4273+ }
4274+
4275+ /**
4276+ * Return the Delete Form as HTML
4277+ * @return
4278+ */
4279+ public function DeleteDataSetForm()
4280+ {
4281+ $db =& $this->db;
4282+ $response = new ResponseManager();
4283+ $helpManager = new HelpManager($db, $this->user);
4284+
4285+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4286+
4287+ $auth = $this->user->DataSetAuth($dataSetId, true);
4288+ if (!$auth->del)
4289+ trigger_error(__('Access Denied'));
4290+
4291+ // Translate messages
4292+ $msgDelete = __('Are you sure you want to delete this DataSet?');
4293+ $msgYes = __('Yes');
4294+ $msgNo = __('No');
4295+
4296+ //we can delete
4297+ $form = <<<END
4298+ <form id="DataSetDeleteForm" class="XiboForm" method="post" action="index.php?p=dataset&q=DeleteDataSet">
4299+ <input type="hidden" name="datasetid" value="$dataSetId">
4300+ <p>$msgDelete</p>
4301+ </form>
4302+END;
4303+
4304+ $response->SetFormRequestResponse($form, __('Delete this DataSet?'), '350px', '200px');
4305+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'Delete') . '")');
4306+ $response->AddButton(__('Cancel'), 'XiboDialogClose()');
4307+ $response->AddButton(__('Delete'), '$("#DataSetDeleteForm").submit()');
4308+ $response->Respond();
4309+ }
4310+
4311+ public function DeleteDataSet()
4312+ {
4313+ $db =& $this->db;
4314+ $user =& $this->user;
4315+ $response = new ResponseManager();
4316+
4317+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4318+
4319+ $auth = $user->DataSetAuth($dataSetId, true);
4320+ if (!$auth->del)
4321+ trigger_error(__('Access Denied'));
4322+
4323+ $dataSetObject = new DataSet($db);
4324+ if (!$dataSetObject->Delete($dataSetId))
4325+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4326+
4327+ $response->SetFormSubmitResponse(__('DataSet Deleted'));
4328+ $response->Respond();
4329+ }
4330+
4331+ public function DataSetColumnsForm()
4332+ {
4333+ $db =& $this->db;
4334+ $response = new ResponseManager();
4335+ $helpManager = new HelpManager($db, $this->user);
4336+
4337+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4338+ $dataSet = Kit::GetParam('dataset', _GET, _STRING);
4339+
4340+ $auth = $this->user->DataSetAuth($dataSetId, true);
4341+ if (!$auth->edit)
4342+ trigger_error(__('Access Denied'));
4343+
4344+ $msgEdit = __('Edit');
4345+ $msgDelete = __('Delete');
4346+
4347+ $form = <<<END
4348+ <div class="info_table">
4349+ <table style="width:100%">
4350+ <thead>
4351+ <tr>
4352+ <th>Heading</th>
4353+ <th>Data Type</th>
4354+ <th>List Content</th>
4355+ <th>Column Order</th>
4356+ <th>Action</th>
4357+ </tr>
4358+ </thead>
4359+ <tbody>
4360+END;
4361+
4362+ $SQL = "";
4363+ $SQL .= "SELECT DataSetColumnID, Heading, DataTypeID, ListContent, ColumnOrder ";
4364+ $SQL .= " FROM datasetcolumn ";
4365+ $SQL .= sprintf(" WHERE DataSetID = %d ", $dataSetId);
4366+ $SQL .= "ORDER BY ColumnOrder ";
4367+
4368+ if (!$results = $db->query($SQL))
4369+ trigger_error(__('Unable to get columns for DataSet'));
4370+
4371+ while ($row = $db->get_assoc_row($results))
4372+ {
4373+ $form .= '<tr>';
4374+ $form .= ' <td>' . $row['Heading'] . '</td>';
4375+ $form .= ' <td>String</td>';
4376+ $form .= ' <td>' . $row['ListContent'] . '</td>';
4377+ $form .= ' <td>' . $row['ColumnOrder'] . '</td>';
4378+ $form .= ' <td>';
4379+ $form .= ' <button class="XiboFormButton" href="index.php?p=dataset&q=EditDataSetColumnForm&datasetid=' . $dataSetId . '&datasetcolumnid=' . $row['DataSetColumnID'] . '&dataset=' . $dataSet . '"><span>' . $msgEdit . '</span></button>';
4380+
4381+ if ($auth->del)
4382+ $form .= ' <button class="XiboFormButton" href="index.php?p=dataset&q=DeleteDataSetColumnForm&datasetid=' . $dataSetId . '&datasetcolumnid=' . $row['DataSetColumnID'] . '&dataset=' . $dataSet . '"><span>' . $msgDelete . '</span></button>';
4383+
4384+ $form .= ' </td>';
4385+ $form .= '</tr>';
4386+ }
4387+
4388+ $form .= '</tbody></table></div>';
4389+
4390+ $response->SetFormRequestResponse($form, sprintf(__('Columns for %s'), $dataSet), '550px', '400px');
4391+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'ViewColumns') . '")');
4392+ $response->AddButton(__('Close'), 'XiboDialogClose()');
4393+ $response->AddButton(__('Add Column'), 'XiboFormRender("index.php?p=dataset&q=AddDataSetColumnForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet . '")');
4394+ $response->Respond();
4395+ }
4396+
4397+ public function AddDataSetColumnForm()
4398+ {
4399+ $db =& $this->db;
4400+ $response = new ResponseManager();
4401+ $helpManager = new HelpManager($db, $this->user);
4402+
4403+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4404+ $dataSet = Kit::GetParam('dataset', _GET, _STRING);
4405+
4406+ $auth = $this->user->DataSetAuth($dataSetId, true);
4407+ if (!$auth->edit)
4408+ trigger_error(__('Access Denied'));
4409+
4410+ $msgHeading = __('Heading');
4411+ $msgListContent = __('List Content');
4412+ $msgColumnOrder = __('Column Order');
4413+
4414+ $form = <<<END
4415+ <form id="DataSetColumnEditForm" class="XiboForm" method="post" action="index.php?p=dataset&q=AddDataSetColumn">
4416+ <input type="hidden" name="dataset" value="$dataSet" />
4417+ <input type="hidden" name="datasetid" value="$dataSetId" />
4418+ <table>
4419+ <tr>
4420+ <td><label for="heading" accesskey="h">$msgHeading<span class="required">*</span></label></td>
4421+ <td><input name="heading" class="required" type="text" id="heading" tabindex="1" /></td>
4422+ </tr>
4423+ <tr>
4424+ <td><label for="listcontent" accesskey="l">$msgListContent</label></td>
4425+ <td><input name="listcontent" type="text" id="listcontent" tabindex="2" /></td>
4426+ </tr>
4427+ <tr>
4428+ <td><label for="columnorder" accesskey="c">$msgColumnOrder</label></td>
4429+ <td><input name="columnorder" type="text" id="columnorder" tabindex="3" /></td>
4430+ </tr>
4431+ </table>
4432+ </form>
4433+END;
4434+
4435+ $response->SetFormRequestResponse($form, __('Add Column'), '450px', '400px');
4436+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'EditColumn') . '")');
4437+ $response->AddButton(__('Cancel'), 'XiboFormRender("index.php?p=dataset&q=DataSetColumnsForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet . '")');
4438+ $response->AddButton(__('Save'), '$("#DataSetColumnEditForm").submit()');
4439+ $response->Respond();
4440+ }
4441+
4442+ public function AddDataSetColumn()
4443+ {
4444+ $db =& $this->db;
4445+ $user =& $this->user;
4446+ $response = new ResponseManager();
4447+
4448+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4449+ $dataSet = Kit::GetParam('dataset', _POST, _STRING);
4450+
4451+ $auth = $user->DataSetAuth($dataSetId, true);
4452+ if (!$auth->edit)
4453+ trigger_error(__('Access Denied'));
4454+
4455+ $heading = Kit::GetParam('heading', _POST, _WORD);
4456+ $listContent = Kit::GetParam('listcontent', _POST, _STRING);
4457+ $columnOrder = Kit::GetParam('columnorder', _POST, _INT);
4458+
4459+ $dataSetObject = new DataSetColumn($db);
4460+ if (!$dataSetObject->Add($dataSetId, $heading, 1, $listContent))
4461+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4462+
4463+ $response->SetFormSubmitResponse(__('Column Edited'));
4464+ $response->hideMessage = true;
4465+ $response->loadForm = true;
4466+ $response->loadFormUri = 'index.php?p=dataset&q=DataSetColumnsForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet;
4467+ $response->Respond();
4468+ }
4469+
4470+ public function EditDataSetColumnForm()
4471+ {
4472+ $db =& $this->db;
4473+ $response = new ResponseManager();
4474+ $helpManager = new HelpManager($db, $this->user);
4475+
4476+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4477+ $dataSetColumnId = Kit::GetParam('datasetcolumnid', _GET, _INT);
4478+ $dataSet = Kit::GetParam('dataset', _GET, _STRING);
4479+
4480+ $auth = $this->user->DataSetAuth($dataSetId, true);
4481+ if (!$auth->edit)
4482+ trigger_error(__('Access Denied'));
4483+
4484+ // Get some information about this data set column
4485+ $SQL = sprintf("SELECT Heading, ListContent, ColumnOrder FROM datasetcolumn WHERE DataSetColumnID = %d", $dataSetColumnId);
4486+
4487+ if (!$row = $db->GetSingleRow($SQL))
4488+ trigger_error(__('Unabled to get Data Column information'), E_USER_ERROR);
4489+
4490+ $heading = Kit::ValidateParam($row['Heading'], _WORD);
4491+ $listContent = Kit::ValidateParam($row['ListContent'], _STRING);
4492+ $columnOrder = Kit::ValidateParam($row['ColumnOrder'], _INT);
4493+
4494+ $msgHeading = __('Heading');
4495+ $msgListContent = __('List Content');
4496+ $msgColumnOrder = __('Column Order');
4497+
4498+ $form = <<<END
4499+ <form id="DataSetColumnEditForm" class="XiboForm" method="post" action="index.php?p=dataset&q=EditDataSetColumn">
4500+ <input type="hidden" name="dataset" value="$dataSet" />
4501+ <input type="hidden" name="datasetid" value="$dataSetId" />
4502+ <input type="hidden" name="datasetcolumnid" value="$dataSetColumnId" />
4503+ <table>
4504+ <tr>
4505+ <td><label for="heading" accesskey="h">$msgHeading<span class="required">*</span></label></td>
4506+ <td><input name="heading" class="required" type="text" id="heading" tabindex="1" value="$heading" /></td>
4507+ </tr>
4508+ <tr>
4509+ <td><label for="listcontent" accesskey="l">$msgListContent</label></td>
4510+ <td><input name="listcontent" type="text" id="listcontent" tabindex="2" value="$listContent" /></td>
4511+ </tr>
4512+ <tr>
4513+ <td><label for="columnorder" accesskey="c">$msgColumnOrder</label></td>
4514+ <td><input name="columnorder" type="text" id="columnorder" tabindex="3" value="$columnOrder" /></td>
4515+ </tr>
4516+ </table>
4517+ </form>
4518+END;
4519+
4520+ $response->SetFormRequestResponse($form, __('Edit Column'), '450px', '400px');
4521+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'EditColumn') . '")');
4522+ $response->AddButton(__('Cancel'), 'XiboFormRender("index.php?p=dataset&q=DataSetColumnsForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet . '")');
4523+ $response->AddButton(__('Save'), '$("#DataSetColumnEditForm").submit()');
4524+ $response->Respond();
4525+ }
4526+
4527+ public function EditDataSetColumn()
4528+ {
4529+ $db =& $this->db;
4530+ $user =& $this->user;
4531+ $response = new ResponseManager();
4532+
4533+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4534+ $dataSet = Kit::GetParam('dataset', _POST, _STRING);
4535+
4536+ $auth = $user->DataSetAuth($dataSetId, true);
4537+ if (!$auth->edit)
4538+ trigger_error(__('Access Denied'));
4539+
4540+ $dataSetColumnId = Kit::GetParam('datasetcolumnid', _POST, _INT);
4541+ $heading = Kit::GetParam('heading', _POST, _WORD);
4542+ $listContent = Kit::GetParam('listcontent', _POST, _STRING);
4543+ $columnOrder = Kit::GetParam('columnorder', _POST, _INT);
4544+
4545+ $dataSetObject = new DataSetColumn($db);
4546+ if (!$dataSetObject->Edit($dataSetColumnId, $heading, 1, $listContent, $columnOrder))
4547+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4548+
4549+ $response->SetFormSubmitResponse(__('Column Edited'));
4550+ $response->hideMessage = true;
4551+ $response->loadForm = true;
4552+ $response->loadFormUri = 'index.php?p=dataset&q=DataSetColumnsForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet;
4553+ $response->Respond();
4554+ }
4555+
4556+ public function DeleteDataSetColumnForm()
4557+ {
4558+ $db =& $this->db;
4559+ $response = new ResponseManager();
4560+ $helpManager = new HelpManager($db, $this->user);
4561+
4562+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4563+ $dataSet = Kit::GetParam('dataset', _GET, _STRING);
4564+
4565+ $auth = $this->user->DataSetAuth($dataSetId, true);
4566+ if (!$auth->edit)
4567+ trigger_error(__('Access Denied'));
4568+
4569+ $dataSetColumnId = Kit::GetParam('datasetcolumnid', _GET, _INT);
4570+
4571+ $auth = $this->user->DataSetAuth($dataSetId, true);
4572+ if (!$auth->del)
4573+ trigger_error(__('Access Denied'));
4574+
4575+ // Translate messages
4576+ $msgDelete = __('Are you sure you want to delete this Column?');
4577+ $msgYes = __('Yes');
4578+ $msgNo = __('No');
4579+
4580+ //we can delete
4581+ $form = <<<END
4582+ <form id="DataSetColumnDeleteForm" class="XiboForm" method="post" action="index.php?p=dataset&q=DeleteDataSetColumn">
4583+ <input type="hidden" name="datasetid" value="$dataSetId">
4584+ <input type="hidden" name="dataset" value="$dataSet">
4585+ <input type="hidden" name="datasetcolumnid" value="$dataSetColumnId">
4586+ <p>$msgDelete</p>
4587+ </form>
4588+END;
4589+
4590+ $response->SetFormRequestResponse($form, __('Delete this Column?'), '350px', '200px');
4591+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'DeleteColumn') . '")');
4592+ $response->AddButton(__('Cancel'), 'XiboFormRender("index.php?p=dataset&q=DataSetColumnsForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet . '")');
4593+ $response->AddButton(__('Delete'), '$("#DataSetColumnDeleteForm").submit()');
4594+ $response->Respond();
4595+ }
4596+
4597+ public function DeleteDataSetColumn()
4598+ {
4599+ $db =& $this->db;
4600+ $user =& $this->user;
4601+ $response = new ResponseManager();
4602+
4603+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4604+ $dataSet = Kit::GetParam('dataset', _POST, _STRING);
4605+
4606+ $auth = $this->user->DataSetAuth($dataSetId, true);
4607+ if (!$auth->edit)
4608+ trigger_error(__('Access Denied'));
4609+
4610+ $dataSetColumnId = Kit::GetParam('datasetcolumnid', _POST, _INT);
4611+
4612+ $dataSetObject = new DataSetColumn($db);
4613+ if (!$dataSetObject->Delete($dataSetColumnId))
4614+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4615+
4616+ $response->SetFormSubmitResponse(__('Column Deleted'));
4617+ $response->hideMessage = true;
4618+ $response->loadForm = true;
4619+ $response->loadFormUri = 'index.php?p=dataset&q=DataSetColumnsForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet;
4620+ $response->Respond();
4621+ }
4622+
4623+ public function DataSetDataForm()
4624+ {
4625+ $db =& $this->db;
4626+ $response = new ResponseManager();
4627+ $helpManager = new HelpManager($db, $this->user);
4628+
4629+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4630+ $dataSet = Kit::GetParam('dataset', _GET, _STRING);
4631+
4632+ $auth = $this->user->DataSetAuth($dataSetId, true);
4633+ if (!$auth->edit)
4634+ trigger_error(__('Access Denied'));
4635+
4636+ // Get the max number of rows
4637+ $SQL = "";
4638+ $SQL .= "SELECT MAX(RowNumber) AS RowNumber, COUNT(DISTINCT datasetcolumn.DataSetColumnID) AS ColNumber ";
4639+ $SQL .= " FROM datasetdata ";
4640+ $SQL .= " RIGHT OUTER JOIN datasetcolumn ";
4641+ $SQL .= " ON datasetcolumn.DataSetColumnID = datasetdata.DataSetColumnID ";
4642+ $SQL .= sprintf("WHERE datasetcolumn.DataSetID = %d ", $dataSetId);
4643+
4644+ Debug::LogEntry($db, 'audit', $SQL, 'dataset', 'DataSetDataForm');
4645+
4646+ if (!$maxResult = $db->GetSingleRow($SQL))
4647+ {
4648+ trigger_error($db->error());
4649+ trigger_error(__('Unable to find the number of data points'), E_USER_ERROR);
4650+ }
4651+
4652+ $maxRows = $maxResult['RowNumber'];
4653+ $maxCols = $maxResult['ColNumber'];
4654+
4655+ // Get some information about the columns in this dataset
4656+ $SQL = "SELECT Heading, DataSetColumnID, ListContent, ColumnOrder FROM datasetcolumn WHERE DataSetID = %d ";
4657+ $SQL .= "ORDER BY ColumnOrder ";
4658+
4659+ if (!$results = $db->query(sprintf($SQL, $dataSetId)))
4660+ {
4661+ trigger_error($db->error());
4662+ trigger_error(__('Unable to find the column headings'), E_USER_ERROR);
4663+ }
4664+
4665+ $columnDefinition = array();
4666+
4667+ $form = '<div class="info_table">';
4668+ $form .= '<table style="width:100%">';
4669+ $form .= ' <tr>';
4670+ $form .= ' <th>' . __('Row Number') . '</th>';
4671+
4672+ while ($row = $db->get_assoc_row($results))
4673+ {
4674+ $columnDefinition[] = $row;
4675+ $heading = $row['Heading'];
4676+
4677+ $form .= ' <th>' . $heading . '</th>';
4678+ }
4679+
4680+ $form .= '</tr>';
4681+
4682+ // Loop through the max rows
4683+ for ($row = 1; $row <= $maxRows + 2; $row++)
4684+ {
4685+ $form .= '<tr>';
4686+ $form .= ' <td>' . $row . '</td>';
4687+
4688+ // $row is the current row
4689+ for ($col = 0; $col < $maxCols; $col++)
4690+ {
4691+ $dataSetColumnId = $columnDefinition[$col]['DataSetColumnID'];
4692+ $listContent = $columnDefinition[$col]['ListContent'];
4693+ $columnOrder = $columnDefinition[$col]['ColumnOrder'];
4694+
4695+ // Value for this Col/Row
4696+ $value = '';
4697+
4698+ if ($row <= $maxRows)
4699+ {
4700+ // This is intended to be a blank row
4701+ $SQL = "";
4702+ $SQL .= "SELECT Value ";
4703+ $SQL .= " FROM datasetdata ";
4704+ $SQL .= "WHERE datasetdata.RowNumber = %d ";
4705+ $SQL .= " AND datasetdata.DataSetColumnID = %d ";
4706+ $SQL = sprintf($SQL, $row, $dataSetColumnId);
4707+
4708+ Debug::LogEntry($db, 'audit', $SQL, 'dataset');
4709+
4710+ if (!$results = $db->query($SQL))
4711+ {
4712+ trigger_error($db->error());
4713+ trigger_error(__('Can not get the data row/column'), E_USER_ERROR);
4714+ }
4715+
4716+ if ($db->num_rows($results) == 0)
4717+ {
4718+ $value = '';
4719+ }
4720+ else
4721+ {
4722+ $valueRow = $db->get_assoc_row($results);
4723+ $value = $valueRow['Value'];
4724+ }
4725+ }
4726+
4727+ // Do we need a select list?
4728+ if ($listContent != '')
4729+ {
4730+ $listItems = explode(',', $listContent);
4731+ $selected = ($value == '') ? ' selected' : '';
4732+ $select = '<select name="value">';
4733+ $select.= ' <option value="" ' . $selected . '></option>';
4734+
4735+ for ($i=0; $i < count($listItems); $i++)
4736+ {
4737+ $selected = ($listItems[$i] == $value) ? ' selected' : '';
4738+
4739+ $select .= '<option value="' . $listItems[$i] . '" ' . $selected . '>' . $listItems[$i] . '</option>';
4740+ }
4741+
4742+ $select .= '</select>';
4743+ }
4744+ else
4745+ {
4746+ $select = '<input type="text" name="value" value="' . $value . '">';
4747+ }
4748+
4749+ $action = ($value == '') ? 'AddDataSetData' : 'EditDataSetData';
4750+ $fieldId = uniqid();
4751+
4752+ $form .= <<<END
4753+ <td>
4754+ <form id="$fieldId" class="XiboDataSetDataForm" action="index.php?p=dataset&q=$action">
4755+ <input type="hidden" name="fieldid" value="$fieldId">
4756+ <input type="hidden" name="datasetid" value="$dataSetId">
4757+ <input type="hidden" name="datasetcolumnid" value="$dataSetColumnId">
4758+ <input type="hidden" name="rownumber" value="$row">
4759+ $select
4760+ </form>
4761+ </td>
4762+END;
4763+
4764+
4765+ } //cols loop
4766+
4767+ $form .= '</tr>';
4768+ } //rows loop
4769+
4770+ $form .= '</table></div>';
4771+
4772+ $response->SetFormRequestResponse($form, $dataSet, '750px', '600px', 'dataSetData');
4773+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('DataSet', 'Data') . '")');
4774+ $response->AddButton(__('Add Rows'), 'XiboFormRender("index.php?p=dataset&q=DataSetDataForm&datasetid=' . $dataSetId . '&dataset=' . $dataSet . '")');
4775+ $response->AddButton(__('Done'), 'XiboDialogClose()');
4776+ $response->Respond();
4777+ }
4778+
4779+ public function AddDataSetData()
4780+ {
4781+ $db =& $this->db;
4782+ $user =& $this->user;
4783+ $response = new ResponseManager();
4784+
4785+ $response->uniqueReference = Kit::GetParam('fieldid', _POST, _WORD);
4786+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4787+ $dataSetColumnId = Kit::GetParam('datasetcolumnid', _POST, _INT);
4788+ $rowNumber = Kit::GetParam('rownumber', _POST, _INT);
4789+ $value = Kit::GetParam('value', _POST, _STRING);
4790+
4791+ $auth = $user->DataSetAuth($dataSetId, true);
4792+ if (!$auth->edit)
4793+ trigger_error(__('Access Denied'));
4794+
4795+ $dataSetObject = new DataSetData($db);
4796+ if (!$dataSetObject->Add($dataSetColumnId, $rowNumber, $value))
4797+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4798+
4799+ $response->SetFormSubmitResponse(__('Data Added'));
4800+ $response->loadFormUri = 'index.php?p=dataset&q=EditDataSetData';
4801+ $response->hideMessage = true;
4802+ $response->keepOpen = true;
4803+ $response->Respond();
4804+ }
4805+
4806+ public function EditDataSetData()
4807+ {
4808+ $db =& $this->db;
4809+ $user =& $this->user;
4810+ $response = new ResponseManager();
4811+
4812+ $response->uniqueReference = Kit::GetParam('fieldid', _POST, _WORD);
4813+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4814+ $dataSetColumnId = Kit::GetParam('datasetcolumnid', _POST, _INT);
4815+ $rowNumber = Kit::GetParam('rownumber', _POST, _INT);
4816+ $value = Kit::GetParam('value', _POST, _STRING);
4817+
4818+ $auth = $user->DataSetAuth($dataSetId, true);
4819+ if (!$auth->edit)
4820+ trigger_error(__('Access Denied'));
4821+
4822+ if ($value == '')
4823+ {
4824+ $dataSetObject = new DataSetData($db);
4825+ if (!$dataSetObject->Delete($dataSetColumnId, $rowNumber))
4826+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4827+
4828+ $response->SetFormSubmitResponse(__('Data Deleted'));
4829+ $response->loadFormUri = 'index.php?p=dataset&q=AddDataSetData';
4830+ }
4831+ else
4832+ {
4833+ $dataSetObject = new DataSetData($db);
4834+ if (!$dataSetObject->Edit($dataSetColumnId, $rowNumber, $value))
4835+ trigger_error($dataSetObject->GetErrorMessage(), E_USER_ERROR);
4836+
4837+ $response->SetFormSubmitResponse(__('Data Edited'));
4838+ $response->loadFormUri = 'index.php?p=dataset&q=EditDataSetData';
4839+ }
4840+
4841+ $response->hideMessage = true;
4842+ $response->keepOpen = true;
4843+ $response->Respond();
4844+ }
4845+
4846+ /**
4847+ * Get a list of group names for a layout
4848+ * @param <type> $layoutId
4849+ * @return <type>
4850+ */
4851+ private function GroupsForDataSet($dataSetId)
4852+ {
4853+ $db =& $this->db;
4854+
4855+ $SQL = '';
4856+ $SQL .= 'SELECT `group`.Group ';
4857+ $SQL .= ' FROM `group` ';
4858+ $SQL .= ' INNER JOIN lkdatasetgroup ';
4859+ $SQL .= ' ON `group`.GroupID = lkdatasetgroup.GroupID ';
4860+ $SQL .= ' WHERE lkdatasetgroup.DataSetID = %d ';
4861+
4862+ $SQL = sprintf($SQL, $dataSetId);
4863+
4864+ if (!$results = $db->query($SQL))
4865+ {
4866+ trigger_error($db->error());
4867+ trigger_error(__('Unable to get group information for dataset'), E_USER_ERROR);
4868+ }
4869+
4870+ $groups = '';
4871+
4872+ while ($row = $db->get_assoc_row($results))
4873+ {
4874+ $groups .= $row['Group'] . ', ';
4875+ }
4876+
4877+ $groups = trim($groups);
4878+ $groups = trim($groups, ',');
4879+
4880+ return $groups;
4881+ }
4882+
4883+ public function PermissionsForm()
4884+ {
4885+ $db =& $this->db;
4886+ $user =& $this->user;
4887+ $response = new ResponseManager();
4888+ $helpManager = new HelpManager($db, $user);
4889+
4890+ $dataSetId = Kit::GetParam('datasetid', _GET, _INT);
4891+
4892+ $auth = $this->user->DataSetAuth($dataSetId, true);
4893+
4894+ if (!$auth->modifyPermissions)
4895+ trigger_error(__('You do not have permissions to edit this dataset'), E_USER_ERROR);
4896+
4897+ // Form content
4898+ $form = '<form id="DataSetPermissionsForm" class="XiboForm" method="post" action="index.php?p=dataset&q=Permissions">';
4899+ $form .= '<input type="hidden" name="datasetid" value="' . $dataSetId . '" />';
4900+ $form .= '<div class="dialog_table">';
4901+ $form .= ' <table style="width:100%">';
4902+ $form .= ' <tr>';
4903+ $form .= ' <th>' . __('Group') . '</th>';
4904+ $form .= ' <th>' . __('View') . '</th>';
4905+ $form .= ' <th>' . __('Edit') . '</th>';
4906+ $form .= ' <th>' . __('Delete') . '</th>';
4907+ $form .= ' </tr>';
4908+
4909+ // List of all Groups with a view/edit/delete checkbox
4910+ $SQL = '';
4911+ $SQL .= 'SELECT `group`.GroupID, `group`.`Group`, View, Edit, Del, `group`.IsUserSpecific ';
4912+ $SQL .= ' FROM `group` ';
4913+ $SQL .= ' LEFT OUTER JOIN lkdatasetgroup ';
4914+ $SQL .= ' ON lkdatasetgroup.GroupID = group.GroupID ';
4915+ $SQL .= ' AND lkdatasetgroup.DataSetID = %d ';
4916+ $SQL .= ' WHERE `group`.GroupID <> %d ';
4917+ $SQL .= 'ORDER BY `group`.IsEveryone DESC, `group`.IsUserSpecific, `group`.`Group` ';
4918+
4919+ $SQL = sprintf($SQL, $dataSetId, $user->getGroupFromId($user->userid, true));
4920+
4921+ if (!$results = $db->query($SQL))
4922+ {
4923+ trigger_error($db->error());
4924+ trigger_error(__('Unable to get permissions for this dataset'), E_USER_ERROR);
4925+ }
4926+
4927+ while($row = $db->get_assoc_row($results))
4928+ {
4929+ $groupId = $row['GroupID'];
4930+ $group = ($row['IsUserSpecific'] == 0) ? '<strong>' . $row['Group'] . '</strong>' : $row['Group'];
4931+
4932+ $form .= '<tr>';
4933+ $form .= ' <td>' . $group . '</td>';
4934+ $form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_view" ' . (($row['View'] == 1) ? 'checked' : '') . '></td>';
4935+ $form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_edit" ' . (($row['Edit'] == 1) ? 'checked' : '') . '></td>';
4936+ $form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_del" ' . (($row['Del'] == 1) ? 'checked' : '') . '></td>';
4937+ $form .= '</tr>';
4938+ }
4939+
4940+ $form .= '</table>';
4941+ $form .= '</div>';
4942+ $form .= '</form>';
4943+
4944+ $response->SetFormRequestResponse($form, __('Permissions'), '350px', '500px');
4945+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('Layout', 'Permissions') . '")');
4946+ $response->AddButton(__('Cancel'), 'XiboDialogClose()');
4947+ $response->AddButton(__('Save'), '$("#DataSetPermissionsForm").submit()');
4948+ $response->Respond();
4949+ }
4950+
4951+ public function Permissions()
4952+ {
4953+ $db =& $this->db;
4954+ $user =& $this->user;
4955+ $response = new ResponseManager();
4956+ Kit::ClassLoader('datasetgroupsecurity');
4957+
4958+ $dataSetId = Kit::GetParam('datasetid', _POST, _INT);
4959+ $groupIds = Kit::GetParam('groupids', _POST, _ARRAY);
4960+
4961+ $auth = $this->user->DataSetAuth($dataSetId, true);
4962+
4963+ if (!$auth->modifyPermissions)
4964+ trigger_error(__('You do not have permissions to edit this dataset'), E_USER_ERROR);
4965+
4966+ // Unlink all
4967+ $security = new DataSetGroupSecurity($db);
4968+ if (!$security->UnlinkAll($dataSetId))
4969+ trigger_error(__('Unable to set permissions'));
4970+
4971+ // Some assignments for the loop
4972+ $lastGroupId = 0;
4973+ $first = true;
4974+ $view = 0;
4975+ $edit = 0;
4976+ $del = 0;
4977+
4978+ // List of groupIds with view, edit and del assignments
4979+ foreach($groupIds as $groupPermission)
4980+ {
4981+ $groupPermission = explode('_', $groupPermission);
4982+ $groupId = $groupPermission[0];
4983+
4984+ if ($first)
4985+ {
4986+ // First time through
4987+ $first = false;
4988+ $lastGroupId = $groupId;
4989+ }
4990+
4991+ if ($groupId != $lastGroupId)
4992+ {
4993+ // The groupId has changed, so we need to write the current settings to the db.
4994+ // Link new permissions
4995+ if (!$security->Link($dataSetId, $groupId, $view, $edit, $del))
4996+ trigger_error(__('Unable to set permissions'));
4997+
4998+ // Reset
4999+ $lastGroupId = $groupId;
5000+ $view = 0;
The diff has been truncated for viewing.
